A malicious worm spreading through Skype instant messages threatens to take control of a victim's machine and hold its contents for ransom.
The worm, which was first brought to light Friday by GFI, tricks users into downloading a ZIP file by displaying the socially engineered message, "lol is this your new profile pic?" along with a link that also spreads the message to other Skype users. The ZIP file contains an executable file that installs a variant of the Dorkbot worm and creates a backdoor via "Blackhole," an exploit kit used by criminals to infect computers through security holes.
The backdoor allows a remote attacker to take control of the machine and install the ransomware, a malicious application that locks the user out of the computer via password or encryption and demands a payment, or ransom, in exchange for its contents. This particular strain demands a payment of $200 within 48 hours; otherwise, users risk having their files deleted.
PC users are also presented with a screen that claims the computer has been used to visit sites of a nefarious nature, including the downloading of MP3s, illegal pornography, gambling, and illegal drugs, and threatens to send that information to the "special Department of US government" via a program called "System Cleaner," which it claims was developed by the U.S. government "to prevent crime and illegal activity on the Internet."
The malware also employs click fraud, imitating legitimate user behavior by clicking on ads to generate revenue for its authors. And it's not a few clicks; GFI said in a 10-minute span it recorded 2,259 transmissions.
Skype said it is investigating the matter and recommends upgrading Skype versions and making sure the machine's security software is up to date.
"We are aware of this malicious activity and are working quickly to mitigate its impact," the company said in a statement. "We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links -- even when from your contacts -- that look strange or are unexpected is not advisable."