New Malware Campaign Targets Skype Users

Several security researchers are warning of new malware that targets Skype users with spammed links.

“A malicious worm is taking advantage of the Skype API to spam out messages similar to … ‘lol is this your new profile pic?[REDACTED]?img=[USERNAME],'” writes Sophos’ Graham Cluley. “Clicking on the suspicious links leads to the download of a ZIP file (variously called or that contains executable files detected by Sophos anti-virus products as Troj/Agent-YCW or Troj/Agent-YDC.”

“The executable installs a variant of the Dorkbot worm, detected as WORM_DORKBOT.IF or WORM_DORKBOT.DN respectively,” writes Trend Micro’s Rik Ferguson. “On installation, this worm may initiate large scale click-fraud activity on each compromised machine, recruiting it into a botnet.”

“Running the file will cause it to self delete and the infected PC will begin making DNS requests to a number of URLs, including a .pl, a .com and a .kz — we also saw references to IRC channel names in the network traffic and are investigating further,” writes GFI Software senior threat researcher Christopher Boyd. “It goes without saying that being dropped into a network of compromised machines of any kind won’t do the end-user any favours.”

“The backdoor allows a remote attacker to take control of the machine and install the ransomware, a malicious application that locks the user out of the computer via password or encryption and demands a payment, or ransom, in exchange for its contents,” writes CNET News’ Steven Musil. “This particular strain demands a payment of $200 within 48 hours or risk having their files deleted.”

“Microsoft-owned Skype said in a statement that it is working to tackle the problem and advised users to download its latest updates to make the platform more secure,” writes Digital Spy’s Mark Langshaw. “‘Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact,’ the company said in a statement. ‘We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links — even when from your contacts — that look strange or are unexpected is not advisable.'”

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
