Security researchers are warning Skype users about an ongoing attack that dupes people into loading a link that spreads malware.
According to Trend Micro, the attack has resulted in infected users spamming their contact lists with messages in both English and German. The English version of the message states: “lol is this your new profile pic?” along with a URL. The message in German is similar.
In both cases, the shortened URL eventually redirects to a download on hotfile.com that pulls down an archive named “Skype_todaysdate.zip” containing a single executable file of the same name, explained Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. The executable, he added, installs a variant of the Dorkbot worm.
“Since we added detection for the two elements of this attack – respectively TROJ_DLOADER.IF for the initial dropper and WORM_DORKBOT.IF for the Dorkbot component – we have upwards of 400 detections in less than 12 hours,” he told eWEEK, adding that those statistics only cover Trend Micro customers. “These are represented in every continent with a relatively even spread.”
Ransomware has been on the rise of late. According to security vendor McAfee, the number of new ransomware samples increased by roughly 50 percent between the first and second quarters of the year. All totaled, the number of new ransomware threats jumped to more than 120,000 during the second quarter.
Graham Clulely, senior technology consultant at Sophos, noted that there have been many variants of the Dorkbot attack spotted in the last year or so through Facebook and Twitter.
“The threat can also spread via USB sticks, and various instant messaging protocols,” he blogged. “The danger is, of course, that Skype users may be less in the habit of being suspicious about links sent to them than, say, Facebook users. Always remember to be suspicious of unsolicited out-of-character messages sent to you by your online friends. You don’t know that it was a friend who sent you the message, all you know is that it was their account which posted it to you… and who knows if it was compromised or not?”
In a statement, Skype said it is aware of the attack.
“Skype takes the user experience very seriously, particularly when it comes to security,” a spokesperson told eWEEK. “We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
How well do you know Apple? Take our quiz.
Originally published on eWeek.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…