Symantec has observed a growing momentum of social engineering attacks on Skype and other instant messaging applications over the last week. The attack, which looks to have started around September 29, has to date conned over 2.5 million clicks from unsuspecting users. The attack uses the common social engineering tactic of posting a link to instant messaging applications for a potential victim to follow.
Since the cybercriminals have opted to use Google’s goo.gl URL shortening service in their campaign, Symantec is able to follow the success rate of clicks. To date we have seen eight different goo.gl URLs being used by W32.Phopifas (A worm that spreads through Skype and Windows Live Messenger.) and have been able to check the click rate on each one. The graph below outlines the success of each link and the malware .zip file associated to it. The malware .zip file name also contains the date it was used in the W32.Phopifas campaign.
While Symantec cannot extrapolate from these figures how many victims actually downloaded, extracted, and installed the malware, the figures do show just how successful a simple social engineering ploy can be on instant messaging applications.