Dorkbot Now Worming Its Way through Skype

The Dorkbot worm that fooled many a Facebook and Twitter user is now socially engineering Skype users into downloading the malware, whose payload now includes a mechanism to lock down machines.Various antivirus and security companies are reporting the latest iteration rummages through an infected Skype user’s contact list and sends the message “Lol is this your new profile pic?” in English. It sends a similar message in German, too.

DorkbotThe Dorkbot worm that fooled many a Facebook and Twitter user is now socially engineering Skype users into downloading the malware, whose payload now includes a mechanism to lock down machines.

Various antivirus and security companies are reporting the latest iteration rummages through an infected Skype user’s contact list and sends the message “Lol is this your new profile pic?” in English. It sends a similar message in German, too.

Clicking the link opens a .zip file that contains “skype_02102012_image.exe.” Unzipping the file opens a backdoor and installs the Dorkbot worm. The victim’s machine is then enlisted into a botnet, and files may also be held hostage until a $200 payment is made within 24 to 48 hours.

Similar malware made the rounds within the past year on social networks Facebook and Twitter as well as through IM channels and USB drives. The ransomware, however, is a new element.

In addition to the lockout, infected PC users receive a message claiming the computer’s been used for illegal activity, such as accessing child pornography or stealing copyrighted music. Victims will be turned in to federal authorities, they are told, unless a payment is made using widely available prepaid money cards. 

The malware was mentioned on Friday on GFI Software’s blog. “Running the file will cause it to self delete and the infected PC will begin making DNS requests to a number of URLs, including a .pl, a .com and a .kz – we also saw references to IRC channel names in the network traffic and are investigating further. It goes without saying that being dropped into a network of compromised machines of any kind won’t do the end-user any favours,” wrote the company’s senior threat researcher, Christopher Boyd.  

“All in all, not a great thing to have on your system and despite the rapid takedowns it still appears to be putting up a valiant struggle during its quest to infect as many users as possible.”

Trend Micro earlier today noted hundreds of detections across various countries – a small number compared to the millions of Skype customers.

Skype issued a statement to various news outlets saying it took the security issue “very seriously” and recommended users  upgrade to the newest Skype version and apply updated security features on your computer. It also warned its customers to be wary of opening any unusual messages coming from friends.

 

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.