Nov 08Dorkbot Ransomware Spreading Through Innocent-Sounding Message on Skype
“lol is this your new profile pic?” Skype users receiving this message are malware targets. Clicking on the link that downloads malware onto their computers will turn them from targets into victims.
Tech2.in.com explains, “The link, which includes the user name of the recipient, goes to a file hosted at a legitimate file locker service. The file downloaded is a variant of the Dorkbot malware family…. This malware allows an attacker to take complete control of the user’s system. Its capabilities include password theft from various websites, including pornographic sites, social media, file lockers, and financial services; and launching distributed denial-of-service (DDOS) attacks. The behavior that a user may see can vary significantly. It also has the capability to download other malware depending on the link provided by the C and C (command and control) servers, including ransomware and click fraud malware.”
Downloading a separate component, the malware sends the “lol is this your new profile pic?” to people in the target’s contact list. An added wrinkle is that the message is in the language that matches the user’s geolocation. So far, the message, which has already been altered, has been spread in German and English and can be translated into several other languages.
Thenextweb.com said that the malware is being used for click fraud and as ransomware. In a statement to thenextweb.com, a Skype spokesperson advised, “We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”