SurfControl said that it first detected the spyware attack, which is being sent in emails written in Turkish and claiming to be from Skype on the 8 August.
The body of the emails encourage users to download what is claimed to be the Skype application by clicking on an enclosed link. Upon clicking the link, unwitting users are taken to a site that appears to be the Turkish version of the Skype website to download the application.
The fake Skype website contains a malicious file, skypekur.exe, which when executed, installs multiple password recovery tools that extract passwords from IM applications, email clients, and FTP programs on an infected user’s machine. Passwords, once extracted, are then sent back to the email’s originator, SurfControl warned.
_(20).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
