An Analysis of the Skype IMBot Logic and Functionality

An Analysis of the Skype IMBot Logic and Functionality.

Publication Date

March, 08th 2010


Christian Wojner, L. Aaron Kaplan




You can download the full document in pdf format here.


The following report analyzes the Skype Instant Messenger Bot ("Skype IMBot", a variation of the W32.Nytemare trojan) and reports our reverse engineering efforts. One peculiar aspect of Skype IMBot was the way it controlled Skype (and other Instant Messengers) - simulating user input and user keystrokes. This reminded us of a limited Turing Test: did the malware or a true user send the URL? The report covers the reverse engineering of the Skype IMbot, network logic and recommendations to CERTs, users and Skype. It closed with an outlook on further instant messenger bots.