Malicious worm spreading through Skype IM
South Africans are warned to exercise caution when using Skype as they may fall victim to a recent campaign started by cyber-criminals aimed at spreading malicious malware.
The malicious worm has been spreading quickly among local Skype users. Some infections will install a ransomware variant, locking users out of their computers and informing them that their files have been encrypted and will be deleted unless a ransom payment of $200 is made within 48 hours.
This worm is spread through Skype’s instant messaging service –many users have reported receiving messages from friends in their Skype contact list – with messages reading “lol is this your new profile pic?” followed by a link to the supposed profile pic.
When users click on the link, a ZIP file is automatically downloaded which opens a back door, installing the Dorkbot worm and allowing remote control of the affected PC.
“Malware authors, always eager to exploit their victims’ susceptibility and curiosity, recognise that users are likely to open links from someone in their Skype contact list that they know and trust, which is why the worm is spreading so quickly in SA,” says Carey van Vlaanderen, CEO of ESET South Africa.
Skype released the following comment: Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.
Van Vlaanderen adds, “ESETinternet security/ online security strongly advises local users to ensure they are using reputable up-to-date antivirus software and to avoid opening suspicious links from friends.”