What You Need to Know About the Latest Worm to Hit Skype
Instant-messaging (IM) application Skype is not only a long-time user favorite; bad guys seem to favor it, too. We spotted a Skype-based spam campaign that distributes worms via instant messages. A single click can cost you your credentials to other sites or expose you to some other malicious routine.
The spam campaign starts when a potential victim sees the message, "lol is this your new profile pic?" in a variety of languages. Included in the message is a link to a site where you can supposedly check out the said profile picture. To further convince you to click, the URL includes your name. When clicked, the link takes you to the site of a legitimate file-locking service. Of course, the file that's hosted there is a worm, specifically a variant of the DORKBOT malware family.
The worm, aka WORM_DORKBOT.DN, allows bad guys to gain control over your computer. Apart from stealing your credentials to other sites, it also downloads a component, another worm, aka WORM_DORKBOT.IF, to get to the computers of other Skype users. The second worm sends the same message you got to your contacts using the language assigned to their location.
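For defenders who can review chat logs, the two traits described above (the recipient's name embedded in the link, and the same link going out to a sender's contacts in different languages) can be turned into a simple fan-out check. This is an added example, not Trend Micro's detection logic; the log layout, handles, URL format and function names are constructed for illustration.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def masked_urls(text, recipient):
    """Return URLs in `text` that embed the recipient's handle, handle masked."""
    if not recipient:
        return []
    handle = re.compile(re.escape(recipient), re.IGNORECASE)
    out = []
    for url in URL_RE.findall(text):
        masked, hits = handle.subn("{recipient}", url.rstrip(".,)!?"))
        if hits:
            out.append(masked.lower())
    return out

def find_fanout(messages, min_recipients=3):
    """Flag senders whose personalised link reaches several recipients.

    Grouping is by masked URL only, not message text, because the lure
    text changes with the recipient's language while the link does not.
    """
    targets = defaultdict(set)
    for sender, recipient, text in messages:
        for template in masked_urls(text, recipient):
            targets[(sender, template)].add(recipient)
    return sorted(
        (sender, template, sorted(recipients))
        for (sender, template), recipients in targets.items()
        if len(recipients) >= min_recipients
    )

# Constructed sample log: (sender, recipient, message text).
SAMPLE = [
    ("dave", "alice", "lol is this your new profile pic? http://example.invalid/pic?img=alice"),
    ("dave", "bob", "lol ist das dein neues profilbild? http://example.invalid/pic?img=bob"),
    ("dave", "carol", "lol is this your new profile pic? http://example.invalid/pic?img=Carol"),
    ("erin", "alice", "notes from today: http://example.invalid/docs/minutes"),
    ("erin", "bob", "your invoice: http://example.invalid/inv/bob."),
]

if __name__ == "__main__":
    for sender, template, recipients in find_fanout(SAMPLE):
        print(f"{sender}: {template} -> {', '.join(recipients)}")
```

Short handles can appear in a URL by coincidence, so the recipient threshold matters; a flagged sender is more likely an infected contact than the attacker.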
What's at Risk?
Because the worms steal credentials for various sites, including Facebook, Twitter, Google, PayPal, and Netflix, bad guys can compromise more of your accounts and gain even more information. Your credentials can also prove useful for other social engineering schemes.
The new Skype worms can also install ransomware on your computer, locking you out until you pay a certain fine. Bad guys can also use your computer to launch distributed denial-of-service (DDoS) attacks, knocking sites off the Web for certain amounts of time. The worms also have the ability to download other malware to your computer, adding more malicious behaviors to the mix.
Protection Against Infection
Although Trend Micro products actively protect against the worms used in this campaign, we still advise you to be cautious of clicking unfamiliar links, regardless of sender. Cybercriminals have used Skype and other IM applications to attack users over and over again. Even mobile users should be wary. Asking a contact if he/she really sent you a message with a link and where it leads to before even thinking of clicking it can spell the difference between protection and infection.