Dorkbot worm spreading via Skype, installs nasty ransomware

By on October 10, 2012, 7:30 AM

A malware infection that can allow its author to lock a user out of their PC and demand a ransom is quickly spreading over Skype IM. The payload is delivered in the form of a spoofed message from someone on the target’s contact list with the text “lol is this your new profile pic?” or a similar variant.

The accompanying link (if clicked) downloads a ZIP file that contains an executable responsible for installing a variant of the Dorkbot worm, according to security firm Trend Micro. The worm will then install ransomware on the infected PC, effectively locking the user out of the computer. GFI Labs says this particular strain demands the infected user pay $200 within 48 hours or risk having all of their files deleted.

If that weren’t enough, the infection also installs a click fraud system used to generate an enormous amount of fraudulent ad clicks. GFI researchers discovered nearly 2,300 fraudulent clicks had occurred within just 10 minutes on an infected computer. That equates to some serious revenue for the authors, provided the advertiser doesn’t notice the fraud before payment is made.

Dorkbot is a pretty nasty worm that has been known to steal usernames and passwords from sites like Facebook, Google, Netflix, PayPal and Twitter. Furthermore, it can also interfere with DNS resolution, add iFrames to web pages and act as a proxy server to download and install more malware.

Fortunately this malware outbreak can be easily avoided. To become infected, one would need to click the malicious link, download the ZIP file, extract it and run the executable file – steps that we assume most TechSpot readers would know better than to follow through with.

Skype is aware of the outbreak and is working on a solution as we speak. In the meantime, the company urges users to make sure they are running the latest version of Skype and to keep their PCs updated with the most recent security updates and virus definitions.




User Comments: 13

Guest said:

Skype bots posting malicious links to people have existed for a verrrrry long time. Why is this news?

j05hh said:

Bots like this are common in chat messenger programs. I've seen this most frequently with MSN Messenger. Nothing new here.

Guest said:

Quote: "Skype bots posting malicious links to people have existed for a verrrrry long time. Why is this news?"

Because there are a lot of new people, old people, young people, non-techies (i.e., most people) that don't know.

Gareis said:

Old :p but still an interesting read.

Guest said:

I really love all you armchair analysts. "Nothing new here", "why is this news". This is news because the perps are demanding $200 or they threaten to destroy your computer! $200 is a lot of money and amounts to ransom. If you look beyond the tip of your nose, you will realize that, guess what, this is a really highly illegal activity.

That's why this is news.

1 person liked this | VitalyT said:

Much of it doesn't make sense... still, I'd want to find that dork creator of this thing and have him dive head-down in a Scottish public toilet...

1 person liked this | Tygerstrike said:

@above guest

You must forgive their jaded responses. They must have seen it all and know no one who could benefit from this knowledge. I, however, know plenty of ppl who could use this knowledge to protect themselves from this malware. I plan on informing the friends I know, and customers I deal with, about this and to watch for it. TY TechSpot, since everyone else seems too much of a jackwagon, for this tidbit of info.

Guest said:

What will you tell them though? Don't click on links sent from random strangers? Don't download random files you know nothing about? Don't run strange random files you just downloaded? Cause those are the most basic rules ever about not getting viruses. If they aren't doing those things already then warning them about ONE single virus is hardly going to help them :p

Gareis said:

Quote: "What will you tell them though? Don't click on links sent from random strangers? Don't download random files you know nothing about? Don't run strange random files you just downloaded? Cause those are the most basic rules ever about not getting viruses. If they aren't doing those things already then warning them about ONE single virus is hardly going to help them :p"

"The payload is delivered in the form of a spoofed message from someone on the target’s contact list with the text “lol is this your new profile pic?” or a similar variant."

Guest said:

I'm beginning to fear that the only way of preventing a faulty executable from running is to check it is truly OK.

Like Apple is doing on iPhone and also possible on OSX: only run things from their app-store.

1 person liked this | avoidz said:

Quote: "Skype bots posting malicious links to people have existed for a verrrrry long time. Why is this news?"

Because this is a new variant. Because it's sensible to maintain awareness of these things. Because this is a tech news site.

Guest said:

Well, we had an infection with this worm last week in my company, caught from some Russian contact. However, I am not aware that anyone had their computer locked out and that they asked them to pay for it.

Nevertheless, our IT department resolved the issue, although we are on different continents, and now we are clean.

But I am glad to have learned the name of it :)

jobeard, TS Ambassador, said:

Quote: "What will you tell them though? Don't click on links sent from random strangers? Don't download random files you know nothing about? Don't run strange random files you just downloaded? Cause those are the most basic rules ever about not getting viruses. If they aren't doing those things already then warning them about ONE single virus is hardly going to help them :p"

Yes - - but haven't you heard: an ounce of prevention is worth a pound of cure? Newbies NEED this information (psst; while Internet access is ubiquitous, the acceptance is not yet 100%) and everyone can stand another reminder - - that's everyone other than ...

The name is irrelevant but the implementation info reinforces your analysis of what NOT to do. After reading the details, my reaction was more sympathetic - - Boy I bet those that didn't know are sure sorry now.
