A worm has taken control over Skype these days. Security researchers have been warning users about the attack which misleads users into downloading a malware through a link whereby the victim’s machine and the contents are held for ransom.
The user’s contacts are also sent the spam which includes the message, “lol, is this your new profile pic?” along with a URL. When the user clicks on the link, it is redirected to hotfile.com that initiates downloading of a zip file namely “Skype_todaysdate.zip” which contains an executable file of similar name. This file installs a variant of Dorkbot worm and creates a backdoor via Blackhole, used by Internet criminals to attack devices through secret security holes. Through these backdoor, the remote attacker can illegally take control of the machine and install ransomware, a malicious application that locks the computer via some password or using some encryption standard. In exchange of the contents, the attacker demands a payment. In the present case of Skype, a ransom of $200 is being demanded within duration of 48 hours or else the files will be cleaned out of the system. The malware is also involved with the clicking fraud to generate revenues and the transmission number of such clicks is very high. In addition to this, the users are also displayed that the computer is being used for visiting sites that are debased and are of criminal nature. For instance, downloading illegal pornography, drugs sale and purchase, gambling with the threat of passing the information to the department of US government which it claims was developed by the government to prevent crime and illegal activities on Internet.
To the whole incident, the company said that it is investigating the matter. “Skype takes the user experience very seriously, particularly when it comes to security,” a spokesperson said. “We are aware of this malicious activity and are working quickly to mitigate its impact.” The company highly recommended users to upgrade their Skype versions and make sure the security systems of the device are up to date. Also, the users are advised to not follow any suspicious link even it is coming from a reliable source like someone in your contact list.
This application, Ransomware has been on the rise lately and has also infected both Twitter and Facebook previously. The dorkbot is well known for sending messages using social engineering characteristics to fool the user into clicking an infected link. The threats have jumped to more than 120,000 during the second quarter of the year, according to security vendor McAfee.