ID: IRCNE2012101638
Date: 2012-10-09
According to “CNet”, a malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.
The issue, which was first brought to light Friday by GFI, tricks users into downloading a ZIP file by displaying the socially-engineered message, "lol is this your new profile pic?" along with a link that also spreads the message to other Skype users. The ZIP filed contains an executable file that installs a variant of the Dorkbot worm and creating a backdoor via "Blackhole," an exploit kit used by criminals to infect computers through security holes.
The backdoor allows a remote attacker to take control of the machine and install the ransomware, a malicious application that locks the user out of the computer via password or encryption and demands a payment, or ransom, in exchange for its contents. This particular strain demands a payment of $200 within 48 hours or risk having their files deleted.
The malware also employs click fraud, imitating legitimate user behavior by clicking on ads to generate revenue for its authors. And it's not a few clicks; GFI said in a 10-minute span it recorded 2,259 transmissions.
Skype said it is investigating the matter and recommends upgrading Skype versions and making sure the machine's security software is up to date.
- 3