Skyper.B is a malware program that imitates Skype and attempts to steal sensitive information such as the user's Skype details and other username/password information stored in Internet Explorer.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Skyper.B attempts to disguise itself as a security plug-in called Skype Defender. It is packed with UPX 3.0 and it is written with Borland Delphi.Running the malware produces this dialog:
Once run, what looks like the Skype Logon screen is displayed:
Attempting to use the logon screen produces an error message:
Note that the real Skype's sign in button is different than the malware's:
The only functionality that this application has is the "Sign in" button.When the "Sign in" button is clicked, the malware attempts to transmit the username and password to a remote server located at [removed].rxfly.net. Skyper.B also attempts to collect username and password information from the Windows Protected Storage service.The sample itself does not install anything to the user's computer or add any Registry values. When closing the application, it disappears from the process list as would a normal application.The Skyper.B file contains an unused IP Address that points to a location somewhere in Russia. This secondary address was used by Skyper.A.Additionally, it doesn't have any automatic mechanisms to spread itself so it must be sent by its author via email, through a website, or even via IM (Instant Messengers) such as Yahoo, MSN, ICQ, and Skype.
Description Created: 2007-10-17 14:50:56.0
Description Last Modified: 2007-10-17 17:25:32.0