Fake email “You received a new message from Skype voicemail service.” contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “You received a new message from Skype voicemail service.”.

This email is send from the spoofed address “Skype Communications” and has the following body:

This is an automated email, please don’t reply.

Voice Message Notification
You received a new message from Skype voicemail service.

Message Details:

Time of Call: Tue, 26 Nov 2013 10:20:24 -0400
Length of Call: 38sec

Listen to the message
in the attached file.
Lost Password · Account Settings · Help · Terms of Use · Privacy

If You Are Still Having Problems
If you’re still having difficulty retrieving your Skype Name please contact a support agent via

Protect Your Password
Skype staff will NEVER ask you for your password via email. The only places you are asked for your password are when you sign in to Skype or on our website if you want to buy something or check your account. You will always sign in via a secure connection, and we ask you to ensure that the address in your browser begins exactly like this https://secure.skype.com It should also show a little padlock symbol to indicate the secure connection.

Be alert to emails that request account information or urgent action. Be cautious of websites with irregular addresses or those that offer unofficial Skype downloads. Security updates and product upgrades are made available at http://www.skype.com or using the client’s upgrade function.

© 2003-2013 Skype and/or Microsoft. The Skype name, associated trademarks and logos and the “S”
logo are trademarks of Skype or related entities.
Skype Communications S.a.r.l. 23-29 Rives de Clausen, L-2165 Luxembourg.

The attached ZIP file has the name Skype_Voice_Message-7776C24212.zip and contains the 151 kB large file Skype_Voice_M_497564___random_numbers___872345.wav.exe.

The trojan is known as Trojan.Agent.BAWV, UDS:DangerousObject.Multi.Generic, Trojan.Zbot, Trojan.Agent.BAWV or Mal/Generic-S.

At the time of writing, 7 of the 46 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink and Malwr permalink for more detailed information.
SHA256: c95780fa4688d3437a4558977d0ba58ae6d63e01af3bb6197910a0bff9e3ea84

14 thoughts on “Fake email “You received a new message from Skype voicemail service.” contains trojan

  1. I received this email a while. As I’ve never received a Skype VM before but hey,I use Skype so it is possible, I got as far as clicking on the attachment and I had my mouse hovering over the EXE file before I got a bad feeling and deleted the lot. Thank God I did! It’s true what they say about following your gut feeling. Thanks for confirming my fears.

  2. Getting an email every 20mins or so, all seem to come from a slightly different email address so cant block sended(well i can but it isnt effective) how can i stop this from filling my mail box? any suggestions?

  3. I’m getting a load of these too yesterday and today. Got my mail server binning any attachment beginning “Skype_voice_message”.

  4. If it’s exchange 2010/2007, create a transport rule, this should help:
    (ignore the file size limit bit, as it mentions 50k but these are bigger).

    Instead of blocking file types, just add in the pattern of ^Skype_voice_message”.
    You could just delete them, but moving them to another mailbox instead of delivering them to the user is possibly better.

Comments are closed.