Several security researchers are warning of new malware that targets Skype users with spammed links.
“A malicious worm is taking advantage of the Skype API to spam out messages similar to … ‘lol is this your new profile pic? http://goo.gl/[REDACTED]?img=[USERNAME],'” writes Sophos’ Graham Cluley. “Clicking on the suspicious links leads to the download of a ZIP files (variously called skype_06102012_image.zip or skype_08102012_image.zip) that contains executable files detected by Sophos anti-virus products as Troj/Agent-YCW or Troj/Agent-YDC.”
“The executable installs a variant of the Dorkbot worm, detected as WORM_DORKBOT.IF or WORM_DORKBOT.DN respectively,” writes Trend Micro’s Rik Ferguson. “On installation, this worm may initiate large scale click-fraud activity on each compromised machine, recruiting it into a botnet.”
“Running the file will cause it to self delete and the infected PC will begin making DNS requests to a number of URLs, including a .pl, a .com and a .kz — we also saw references to IRC channel names in the network traffic and are investigating further,” writes GFI Software senior threat researcher Christopher Boyd. “It goes without saying that being dropped into a network of compromised machines of any kind won’t do the end-user any favours.”
“The backdoor allows a remote attacker to take control of the machine and install the ransomware, a malicious application that locks the user out of the computer via password or encryption and demands a payment, or ransom, in exchange for its contents,” writes CNET News’ Steven Musil. “This particular strain demands a payment of $200 within 48 hours or risk having their files deleted.”
“Microsoft-owned Skype said in a statement that it is working to tackle the problem and advised users to download its latest updates to make the platform more secure,” writes Digital Spy’s Mark Langshaw. “‘Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact,’ the company said in a statement. ‘We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links — even when from your contacts — that look strange or are unexpected is not advisable.'”