New malware worms its way through Skype
By Digital News Asia October 23, 2012
- New malware distributed as a spam message via Skype
- Once compromised, an attacker can take complete control of the user’s system
SECURITY software company Trend Micro has reported a Skype-based campaign aimed at spreading malicious software, with users facing more waves of spammed messages.
According to a post by the company’s director of Security Research & Communication Rik Ferguson on security blog Countermeasures, these attacks are being used to distribute various threats, including ransomware and infostealers.
Ransomware is a class of malware that restricts access to the computer system it infects and demands that a ransom be paid to the creator of the malware before the restriction is removed. Infostealer is a generic detection name for Trojan horse programs that attempt to steal sensitive information such as login credentials.
Distributed via Skype, the voice-over-Internet Protocol (VoIP) service and software application, these attacks arrive in the form of a message asking if the user has a new profile picture. Upon clicking the link in the message, user data is compromised.
The link (which includes the user name of the recipient) goes to a file hosted at a legitimate file locker service. The file downloaded is a variant of the DORKBOT malware family, which is detected as WORM_DORKBOT.DN.
This malware allows an attacker to take complete control of the user’s system. Its capabilities include password theft from various websites (including pornographic sites, social media networks, file lockers, and financial services), and launching distributed denial-of-service (DDoS) attacks.
To date, Trend Micro has reported that the total number of blocked and detected files has risen from 2,800 recorded on Oct 9 to 6,800. As of Oct 12, a total of 13,221 infections have been reported worldwide.
The malware is still under investigation and Ferguson’s advice to users is simply this: “Please remember not to click on unexpected links, no matter how bleary-eyed you may be.”