An Analysis of the Skype IMBot Logic and Functionality.
March, 08th 2010
Christian Wojner, L. Aaron Kaplan
You can download the full document in pdf format
The following report analyzes the Skype Instant Messenger Bot ("Skype IMBot", a variation of the W32.Nytemare trojan) and reports our reverse engineering efforts. One peculiar aspect of Skype IMBot was the way it controlled Skype (and other Instant Messengers) - simulating user input and user keystrokes. This reminded us of a limited Turing Test: did the malware or a true user send the URL?
The report covers the reverse engineering of the Skype IMbot, network logic and recommendations to CERTs, users and Skype. It closed with an outlook on further instant messenger bots.