Cyberattacks October 2012 Part (I) – Skype Viruses
You may be surprised that Skype could compromise your computer security. The more you know about these threats, the better prepared you will be. Skype viruses are malware, so treat them with just as much caution as any other malicious software.
As soon as the worm has infected a system it tries to automatically spread itself by sending out a message to all the Skype contacts of the affected user. The message currently says:
“hey is this your skype profile pic?”
Then a link to the picture in question follows and at the end of each link the Skype nickname of the targeted user is included:
“http://xxxxxxxxxx.xxx/xxxxxx?image=[Skype nickname of target]” (Link removed)
Please be very careful when opening links that were sent to you by your friends and acquaintances.
If this warning didn’t reach you in time and your system has already been infected, you can join the discussions in the following thread in order to figure out how to get rid of the worm in its current version:
For the past couple of days, CERT Polska has also been taking an active role in disabling the Dorkbot worm. The Polish security portal Niebezpiecznik.pl (article in Polish) mentioned that it also targets Polish users. We acquired a sample of this malware (called “Dorkbot”). This dropper was detected by 28 of the 44 antivirus engines used by the VirusTotal service:
Dorkbot has a very wide range of spreading capabilities and several different malicious behaviors. As stated in other news reports, it is most widely present on Skype.
How can you protect yourself?
Firstly, please do not click on any links that seem suspicious to you. Remember that even your friends can be infected and become part of a botnet. You should also keep your antivirus software and operating system up to date.
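The lure described above has a recognizable shape: a short question followed by a link that ends with the recipient's own Skype nickname. The following check for that shape is an added example, not code from the original article or from CERT Polska; the function names, the `example.test` links and the nickname `alice_w` are assumptions made for illustration, and it generalizes slightly by matching the nickname in any query parameter rather than only `image`.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Lure text quoted on this page; the worm's wording can change, so it is a weak signal.
LURE_RE = re.compile(r"is\s+this\s+your\s+skype\s+profile\s+pic", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>“”]+", re.IGNORECASE)


def nickname_in_url(url, nickname):
    """True if any percent-decoded query value equals the recipient's nickname."""
    wanted = nickname.casefold()
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.strip().casefold() == wanted:
            return True
    return False


def score_message(text, recipient_nickname):
    """Return the list of indicators found in one incoming chat message."""
    reasons = []
    if LURE_RE.search(text):
        reasons.append("lure-text")
    for url in URL_RE.findall(text):
        if nickname_in_url(url.rstrip(".,)"), recipient_nickname):
            reasons.append("recipient-nickname-in-link")
            break
    return reasons


def should_warn(text, recipient_nickname):
    """Warn on a personalised link; the lure text alone is not enough."""
    return "recipient-nickname-in-link" in score_message(text, recipient_nickname)


# Constructed sample messages (example.test is a reserved test domain).
SAMPLES = [
    ("hey is this your skype profile pic? http://example.test/p?image=alice_w", "alice_w"),
    ("HEY is this your Skype profile pic? http://example.test/p?image=Alice%5Fw", "alice_w"),
    ("lunch photos: http://example.test/album?id=42", "alice_w"),
    ("is this your skype profile pic? (no link)", "alice_w"),
]

if __name__ == "__main__":
    for text, nick in SAMPLES:
        print(should_warn(text, nick), score_message(text, nick), text)
```

Keying the warning on the personalised link rather than on the message text means a reworded lure is still caught as long as the link keeps carrying the recipient's nickname.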
The malicious samples were named:
- unpacked Dorkbot (unpacked.exe)
- (downloaded.exe) downloaded by Dorkbot.