The virus, which was first reported on Friday by GFI Labs, takes advantage of the Skype API to spam out messages that appear to come from a user in your contact list. These message similar to the one below instead send you a link that contains software for download:
lol is this your new profile pic? http://goo.gl/[REDACTED]?img=[USERNAME]Clicking on the suspicious links leads to the download of a ZIP files (variously called skype_06102012_image.zip or skype_08102012_image.zip) that contains executable files detected by anti-virus products as Troj/Agent-YCW, Troj/Agent-YDC, TROJ_DLOADER.IF or Trojan.Win32.Generic!BT. The Trojan horse opens a backdoor, allowing a remote hacker to take control of infected PCs, communicating with a remote server via HTTP.
The virus which is known as the Dorkbot worm (WORM_DORKBOT.IF or WORM_DORKBOT.DN) is previously known for targeting users of Twitter and Facebook. Once installed the virus uses its host computer to engage in click fraud leading an infected users computer to other malicious sites and eventually installing further ransomware that locks the user out of the machine. Once installed the ransomware displays screens saying that they user's data will be deleted unless a $200 "fine" is paid in the next 48 hours.
Skype officials have said they are "working quickly to mitigate" the attack. They also advise users to ensure they're running the most up-to-date version of the Skype client.
"Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.
No comments:
Post a Comment
All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.
Thank you
Geek-News.Net