An Analysis of the Skype IMBot Logic and Functionality

2010/03/08
An Analysis of the Skype IMBot Logic and Functionality.


Publication Date

March, 08th 2010

Author

Christian Wojner, L. Aaron Kaplan

Language

English

History

You can download the full document in pdf format here.


Content

The following report analyzes the Skype Instant Messenger Bot ("Skype IMBot", a variation of the W32.Nytemare trojan) and reports our reverse engineering efforts. One peculiar aspect of Skype IMBot was the way it controlled Skype (and other Instant Messengers) - simulating user input and user keystrokes. This reminded us of a limited Turing Test: did the malware or a true user send the URL? The report covers the reverse engineering of the Skype IMbot, network logic and recommendations to CERTs, users and Skype. It closed with an outlook on further instant messenger bots.