Saturday, March 2, 2019
Home / Malware / Dorkbot spreading via Skype

Dorkbot spreading via Skype

Hackers are spreading new malware attacks via Skype contact lists. Unassuming Skype users are lured into clicking on infected URLS from anxiety-inducing messages like, “lol is that you?” only to find their computer infected by a variation of the Dorkbot worm.

Don’t let the funny name fool you. Dorkbot has a nasty mission. Infected computers may end up locked down and held for ransom:

[Dorkbot] appears to initiate large scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The infection will subsequently install a ransomware variant locking the user out of their machine, informing them that their files have been encrypted and that they will be subsequently deleted unless the unfortunate victim surrenders a $200 fine within 48 hours.

Skype users should use common sense if they receive one of these messages. Chances are, if you receive a message from your sixty-something mom that says, “lol wtf is that you in that pic dood,” mom’s account has been hacked.

UPDATE: A spokesperson for Skype gave statement regarding the the spread of malicious messages:

Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

New FastPOS malware targeting Point-of-Sale systems

Experts have disclosed a new category of malware, labeled “FastPOS,” that has the ability to quickly …