Dorkbot worm spreading via Skype, installs nasty ransomware
By Shawn Knight
A malware infection that is quickly spreading over Skype IM can allow its author to lock a user out of their PC and demand a ransom. The lure arrives as a spoofed message from someone on the target's contact list with the text "lol is this your new profile pic?" or a similar variant.
The accompanying link (if clicked) downloads a ZIP file that contains an executable responsible for installing a variant of the Dorkbot worm, according to security firm Trend Micro. The worm will then install ransomware on the infected PC, effectively locking the user out of the computer. GFI Labs says this particular strain demands the infected user pay $200 within 48 hours or risk having all of their files deleted.
If that weren't enough, the infection also installs a click fraud system used to generate an enormous number of fraudulent ad clicks. GFI researchers discovered nearly 2,300 fraudulent clicks had occurred within just 10 minutes on an infected computer. That equates to some serious revenue for the authors, provided the advertiser doesn't notice the fraud before payment is made.
Dorkbot is a pretty nasty worm that has been known to steal usernames and passwords from sites like Facebook, Google, Netflix, PayPal and Twitter. Furthermore, it can also interfere with DNS resolution, add iFrames to web pages and act as a proxy server to download and install more malware.
Fortunately this malware outbreak can be easily avoided. To become infected, one would need to click the malicious link, download the ZIP file, extract it and run the executable file - steps that we assume most TechSpot readers would know better than to follow through with.
Skype is aware of the outbreak and is working on a solution as we speak. In the meantime, the company urges users to make sure they are running the latest version of Skype and to keep their PCs updated with the most recent security updates and virus definitions.