[schnitzelattack]

Hi there,

Today, I accidentally clicked on a shortened url from a skype message. The contact is trusted, and probably got infected.

I did a quick scan of the url with various automated tools and got a few hits. The url also included a query string with my skype username.

Basically, it loads an obfuscated JavaScript file.

This is one report from an automated tool:
https://www.reverse.it/sample/9ab412136 ... onmentId=4

BehavesLike.JS.DownloaderShell

Another tool spit out: js.Phish

Don't know if these are platform independent or just Windows or OSX (or Linux)

I'm on a Linux machine.

[TETYYSs]

https://wepawet.iseclab.org/view.php?ha ... 1457019363

It looks like malicious, but I don't get the purpose of final script

[schnitzelattack]

Yes, I put it through that tool as well.

I didn't got redirected, it just stayed in the landing page which was a weight loss information page.

[schnitzelattack]

I should put the initial url here for other to test.

The url was a goo.gl short url: goo gl/eJZmvU

Test at your own risk.

A short url expander gives me 4 redirects
http://longurl.org/expand?url=http%3A%2 ... l%2FeJZmvU

[TETYYSs]

I don't think that this JS file is associated with this.

[Munsta]

I think someone is testing Skype worm/spammer. Acquiring performance via short url stats probably :)