Skype Worm | Joachim De Zutter
October 2012
Filename: skype_09-10-2012_image.zip
Filesize: 135531
MD5: 50b2849313fed255ebaa0e995c560d45
SHA1: eb30cff0687c2bb4c11992fd1679821689c72c7b
SHA256: f903f53c570b04c6c04a670ab20441046f147f48d705c2297b0829a36fc24837
contains:
Filename: skype_09-10-2012_image.exe
Filesize: 480256
MD5: b9f6b844599bd50e67c3337d14eff8cf
SHA1: a0e0944c8a3d06f269f0d87f0ae4498fb37579c3
SHA256: f33b4671195f3f91dc75e3ee6c78cdcf7937cf1c1850bcbb6fe93327755923b5
https://www.virustotal.com/file/f33b4671195f3f91dc75e3ee6c78cdcf7937cf1c1850bcbb6fe93327755923b5/analysis/
Sophos detailed analysis: Troj/ProcHI-F
or
Filename: foto_skype_10-21-2012.zip
Filesize: 97592
MD5: c192d302255e6355c37ff60d68c31eac
SHA1: 55b22cbde06158606da8275dae7f53f18654085e
SHA256: 9a9c4f3f35d78ba57675a1bcdea5b02f41374e6f903ca8fa0901c3a193aa537e
contains:
Filename: foto_skype_10-21-2012.exe
Filesize: 157696
MD5: 8a4567b62f1b7ef067f208d447a4df28
SHA1: 441c53cc9c297d13653ac32e6e863e7bd9677ba3
SHA256: 223cf2fada3c74d9291d6e6d65061ddd6b1a8d28952e9d328f176aebb92d1c1c
Identified by AVG as Generic30.EPJ

Sends a Skype message in the following format to people in the victim's Skype contact list:

"lol is this your new profile pic? http://goo.gl/" ...

goo.gl is the domain name of Google's URL shortener service. The URL in the message redirects the browser to a web server that hosted skype_09-10-2012_image.zip