
Dorkbot ransomware worm targets Skype users

08 Oct 2012

A new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered.

Security firm Trend Micro discovered the new attack on Monday, after receiving reports of a number of fraudulent messages containing malicious links.

The message contains the question, "is this your new profile pic?" followed by a malicious link.

The links reportedly install a variant of the Dorkbot worm, also known as NRGbot, on the user's machine. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.

A Skype spokesperson told V3 the firm was aware of the threat and urged users to take all necessary precautions to protect against the scam.

"Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact," it said.

"We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.

"Additionally, following links - even when from your contacts - that look strange or are unexpected is not advisable."

Trend Micro security director Rik Ferguson told V3 that it is currently unknown how many machines the new Skype campaign has infected.

"We're not sure how many have been affected by this particular variant, I only noted it this morning and TrendLabs analysis of all related components is still ongoing," Ferguson told V3.

"As a family though, Dorkbot has been around since 2011 and is software that can be purchased in the underground economy, so not linked to one particular group of attackers.

"This variant is noteworthy due to the use of click fraud and ransomware modules. Traditionally Dorkbot has been all about credential theft. This usage though perhaps reflects the growing criminal interest in ransomware and click fraud as alternative revenue generators."

Ferguson's comments follow widespread warnings within the security industry that ransomware is becoming an increasingly common tool in cyber criminals' arsenal.

PandaLabs had previously listed ransomware as one of the booming areas in cyber crime in its quarterly threat report earlier in August.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
