The attack is mounted via malware-infected users whose compromised Skype account is set to send out messages to their contacts.
The message is very simple - it contains just one goo.gl shortened link and no explanation whatsoever:
Anyone who clicks on the link is subjected to a redirection and is ultimately offered to download a file.
The malware offered for download is rotated. Sometimes it's a banking Trojan, sometimes a backdoor, and occasionally a generic downloader, but unfortunately for the victims, most of the variants pushed onto them are poorly detected by popular AV solutions.
What's interesting to note that one of the Zeus Trojan variants offered phones back to an IP address that has in the past been used as a C&C for the Madi/Mahdi malware campaign and the Flashback one.
To protect themselves against this type of attacks, users are advised always to check with the person that apparently sent the message whether they actually did it or not before following links in any kind of unsolicited message.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.