Skype users stalked by ransom trojan

Oct 9, 2012
0

Skype has warned users to update to the latest version of the VoIP and video calling app, as well as to check their computer security settings, after a fast-spreading worm was spotted targeting the software. The worm, "Dorkbot," is being distributed via masked links sent out via Skype's instant messaging system, Trend Micro reports, co-opting the PC into a botnet and eventually demanding $200 from users in order to unlock their files else see them permanently deleted.

According to the security researchers, various types of social-engineering are being used to encourage Skype IM users to click on the links. Most common appears to be a question along the lines of "lol is this your new profile pic?" which resolves to a file called "Skype_todaysupdate.zip" that downloads the trojan itself.

Trend Micro says that it has observed "upwards of 400 detections in less than 12 hours" from those using its security products, according to TechCrunch, though the actual number is likely to be greater. Both it and Skype point out that users should be wary about clicking links that they're not expecting and from people that they don't know.

There's more information at the Skype forums, and Skype has instructions here on how you can clean your system if you've inadvertently been infected.

Skype statement:

"Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable"


Must Read Bits & Bytes