December 6, 2016

In brief: Skype being used to spread DORKBOT worm

(LiveHacking.Com) – Skype is being used to distribute a variant of the DORKBOT worm. Users are being spammed with instant messages saying “lol is this your new profile pic?” If they click on the link (which cunningly includes the username of the recipient) a variant of the DORKBOT malware family is downloaded to the PC.

DORKBOT allows an attacker to take complete control of the PC and includes password theft capabilities for a large number of popular websites including Facebook, Twitter, Google, PayPal, NetFlix and many others. It can also be used to launch a distributed denial-of-service (DDOS) attacks. It can also download other malware to the PC when instructed by the command and control server.

Once the Windows machine has been infected, the worm sends out other “lol” messages to the user on the victim’s contact list. In turn, the unsuspecting recipients think the message was sent from someone they know and click on the link and the cycle starts again.

“Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact,” said Skype to the BBC. “We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”