According to forum thread on Skype.com and multiple reports from security firm, the worm ‘Darkbot’ is infecting users through random links sent to their accounts. Facebook and Twitter have been previously infected with this worm which is known to send out messages that use social integration and entices the user to click on links.
According to TechCrunch, “if anyone has ever tweeted or messaged you with some variation on “lol is this your new profile pic?” followed by a link, that could have been the Dorkbot worm in action.” If it were me, I would definitely go take a look at that link because I wouldn’t want snaps of me floating the world wide web.
Rik Ferguson, researcher at Trend Micro has referred to this worm as “spread fast”. He says users have seen messages in both English and German, and links point to a download on Hotfile.com labeled as “Skype_todaysupdate.zip,” containing the payload.
What the worm does is, after the payload and compromising the machine it joins the machine to a botnet and locks users out of their computer. Previously it was only going after the user’s credentials only, the new one however is very cheeky. Users are informed that their files have been encrypted, and are warned they’ll be deleted if they don’t pay $200 within 24 hours.
Sophos and Trend Micro are both reminding users not to click on these links, no matter how attractive the message before it is.
Skype says that they are aware of “this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
Trend Micro has updated their news adding that over “400 detections in less than 12 hours, across every continent with a relatively even spread.”