Dorkbot ransomware worm targets Skype users

A new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered.

Security firm Trend Micro discovered the new attack on Monday, after receiving reports of a number of fraudulent messages containing malicious links.

The message contains the question, "is this your new profile pic?" followed by a malicious link.

The links reportedly install a variant of the Dorkbot, also known as NRGbot, worm on the users machine. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.

A Skype spokesperson told V3 the firm was aware of the threat and urged users to take all necessary precautions to protect against the scam.

"Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact," it said.

"We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.

"Additionally, following links - even when from your contacts - that look strange or are unexpected is not advisable."

Trend Micro security director Rik Ferguson told V3 that it is currently unknown how many machines the new Skype campaign has infected.

"We're not sure how many have been affected by this particular variant, I only noted it this morning and TrendLabs analysis of all related components is still ongoing," Ferguson told V3.

"As a family though, Dorkbot has been around since 2011 and is software that can be purchased in the underground economy, so not linked to one particular group of attackers.

"This variant is noteworthy due to the use of click fraud and ransom ware modules. Traditionally Dorkbot has been all about credential theft. This usage though perhaps reflects the growing criminal interest in ransom ware and click fraud as alternative revenue generators."

Ferguson's comments follow widespread warnings within the security industry that ransomware is becoming an increasingly common tool in cyber criminals arsenal.

PandaLabs had previously listed ransomware as one of the booming areas in cyber crime in its quarterly threat report earlier in August,