Windows Skype users are advised to take precautions against a worm spamming out messages with links to Trojan horse files.
As Trend Micro security research & communication director Rik Ferguson pointed out, some Skype users have recently been receiving some interesting bait in the form of fraudulent messages from friends. The messages read “lol is this your new profile pic?” and contain a link to download ZIP files with names such as skype_06102012_image.zip or skype_08102012_image.zip. A German language variant is circulating as well, leading to the same links.
These files then execute Trojans that open a backdoor for hackers to exploit. The malware, which is a variant of the Dorkbot worm, can steal personal data, recruit user computers into a botnet and subject users to ransomware attacks, analysts warned. Trend Micro reported it had blocked 2800 associated files within the first 24 hours of discovery.
The Sophos Naked Security blog noted a significant proliferation of Dorkbot variants over the past year, spreading via Facebook, Twitter, USB sticks and some instant messaging programs. Skype users may be particularly vulnerable since they are less accustomed to dealing with malicious links than Facebook users, for instance, who are no strangers to Internet security scares.
Nonetheless, InfoWorld suggested that Skype has displayed vulnerabilities in the past, such as a cross-site scripting flaw that allowed hackers to change a user’s password and completely hijack accounts. Other weaknesses included privacy flaws that allowed even unskilled hackers to track user locations and peer-to-peer file sharing activities.
A Q2 2012 report by Zenprise noted that Skype is one of the most commonly blacklisted apps among enterprises. Skype also experienced a zero-day vulnerability in its Mac client in 2011 and suffered from a glitch in July 2012 that occasionally sent instant messages to unintended users.
The Internet communications company issued a statement responding to this most recent attack, which urged users to update their software and take precautions.
“We are aware of this malicious activity and are working quickly to mitigate its impact,” a company spokesperson said. “We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.”
Security researchers at GFI Labs noted that, while many of the links contained in the messages are being rapidly disabled, the hackers behind the worm appear to be creating new traps just as fast, taking advantage of the Google URL shortening service to make them appear more innocuous. Users should take standard data protection precautions by avoiding suspicious links.
Security News from SimplySecurity.com by Trend Micro