Categories: SecurityWorkspace

Ransomware Worm Hits Skype Users

Security researchers are warning Skype users about an ongoing attack that dupes people into loading a link that spreads malware.

According to Trend Micro, the attack has resulted in infected users spamming their contact lists with messages in both English and German. The English version of the message states: “lol is this your new profile pic?” along with a URL. The message in German is similar.

Dorkbot worm

In both cases, the shortened URL eventually redirects to a download on hotfile.com that pulls down an archive named “Skype_todaysdate.zip” containing a single executable file of the same name, explained Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. The executable, he added, installs a variant of the Dorkbot worm.

“Since we added detection for the two elements of this attack – respectively TROJ_DLOADER.IF for the initial dropper and WORM_DORKBOT.IF for the Dorkbot component – we have upwards of 400 detections in less than 12 hours,” he told eWEEK, adding that those statistics only cover Trend Micro customers. “These are represented in every continent with a relatively even spread.”

Once on the system, the Dorkbot variant appears to initiate a click fraud scheme and ropes the compromised machine into a botnet, Ferguson noted in his blog post. The malware subsequently installs a ransomware variant that locks the user out of their machine and notifies them that their files have been encrypted and that they will be deleted unless the victim hands over $200 (£125) in 48 hours.

Ransomware has been on the rise of late. According to security vendor McAfee, the number of new ransomware samples increased by roughly 50 percent between the first and second quarters of the year. All totaled, the number of new ransomware threats jumped to more than 120,000 during the second quarter.

Facebook, Twitter attacks linked

Graham Clulely, senior technology consultant at Sophos, noted that there have been many variants of the Dorkbot attack spotted in the last year or so through Facebook and Twitter.

“The threat can also spread via USB sticks, and various instant messaging protocols,” he blogged. “The danger is, of course, that Skype users may be less in the habit of being suspicious about links sent to them than, say, Facebook users. Always remember to be suspicious of unsolicited out-of-character messages sent to you by your online friends. You don’t know that it was a friend who sent you the message, all you know is that it was their account which posted it to you… and who knows if it was compromised or not?”

In a statement, Skype said it is aware of the attack.

“Skype takes the user experience very seriously, particularly when it comes to security,” a spokesperson told eWEEK. “We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”

How well do you know Apple? Take our quiz.

Originally published on eWeek.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago