Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Dorkbot Ransomware Spreading Through Innocent-Sounding Message on Skype

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.

“lol is this your new profile pic?” Skype users who receive this message are malware targets. Clicking the link downloads malware onto their computers and turns them from targets into victims.

Tech2.in.com explains, “The link, which includes the user name of the recipient, goes to a file hosted at a legitimate file locker service. The file downloaded is a variant of the Dorkbot malware family…. This malware allows an attacker to take complete control of the user’s system. Its capabilities include password theft from various websites, including pornographic sites, social media, file lockers, and financial services; and launching distributed denial-of-service (DDOS) attacks. The behavior that a user may see can vary significantly. It also has the capability to download other malware depending on the link provided by the C and C (command and control) servers, including ransomware and click fraud malware.”

After downloading a separate component, the malware sends the “lol is this your new profile pic?” message to people in the target’s contact list. An added wrinkle is that the message is written in the language that matches the user’s geolocation. So far, the message, which has already been altered, has been spread in German and English and can be translated into several other languages.

Thenextweb.com said that the malware is being used for click fraud and as ransomware. In a statement to thenextweb.com, a Skype spokesperson advised, “We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
