A malicious worms spreading through Skype called the Dorkbot Worm threatens to can take control of a victim’s machine and hold its contents for ransom.
Using a social engineering attack displays a message
The file being offered up is most commonly known as skype_02102012_image.exe.
Running the file will cause it to self-delete and infected the PC with the Dorkbot worm which does a DNS redirect. The Trojan name is called Trojan.Win32.Generic!BT and creates a backdoor via the Blackhole exploit. The link spreads the message to other Skype users as well. The Trojan redirects to number of URLs .pl, .kz, and IRC channels.
The redirect locks the user out of the computer and demands a payment in exchange for the computers contents. The picture below displays what the screen will look like.
This particular screen demands a payment of $200 within 48 hours or risk having their files deleted. The malware also employs click fraud, imitating legitimate user behavior by clicking on ads to generate revenue for its authors. This is very similar to the FBI warning fraud message that we posted about a few months ago.
Skype (which is owned by Microsoft now) released an official statement
“Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable”
One thing to remember this is not a Skype security whole. This is just a hacker using Skype as a delivery method to infect your machine with a trojan. This has been done on other Instant Messaging software for years just Skype being as popular as it is right now is spreading this worm fast. There have been reports of 400 infections in less than 12 hours.