Skype users targeted –
Trojan horse through Email and Worms in instant messaging

News from Omniquad | October 10, 2012

Popular Internet Communications network, Skype has been targeted by internet fraudsters across multiple media in recent days with both a Trojan originating from scam emails, and worms affecting the Skype communication platform.

Trojan horse in Email claiming to be from Skype

An email purporting to come from Skype with subject heading “you have new voice mail”, claims that the recipient has a new voicemail and instructs users to log into their Skype account to listen to the message, by clicking on the link in the email.

The email seems to be genuine, it has similar body content and the official Skype logo that usually comes with legitimate skype voice mail alerts.

However the email is certainly not from Skype but designed to lure Skype users into clicking the malicious links provided in the fake alert and then unwittingly download a file containing a Trojan horse malware file.

This could open backdoor giving hackers access to hijack infected PCs and recruit them into a “botnet army” which are used to distribute further spam and malware. Botnets are often used to mount distributed denial of service (DDoS) attacks – forcing websites offline – to run spyware or to send out spam emails. Users can even be locked out of their machines and held to ransom.

Skype Trojan horse email

Skype Trojan horse email

Internet users should be very cautious of any unsolicited emails from service providers and financial institutions that ask them to click a link and provide personal information.

Skype users hit by Worm malware

If the sentence “lol is this your new profile pic?” – or similar – appears as an instant message from one of your Skype contacts, don’t click on the link attached to the message. If you click the link, it could launch the download of malicious software, a variant of the Dorkbot worm. When the worm infects a computer it sends out the “lol” message to the user’s contact list. The malware is therefore spreading fast, as curiosity gets the better of many users.

Skype said in a statement: “Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer.”

What is Dorkbot Worm?

Worm.Dorkbot is a malicious worm that spreads through instant messaging services such as Windows Live, MSN, Skype and Yahoo! Messenger, and removable drives. This malicious worm also contains backdoor functionality, which will allow remote attackers complete access to the infected PC.

Some symptoms of Infection:

  • Block exe files from running,
  • Blocks internet connection,
  • Connects to the internet without permission (when the attacker wants access),
  • Normal system programs crash,
  • The PC is slow,
  • Slow internet connection,

The worm will also block connection to many popular security websites, such as Onlinemalwarescanner, Malwarebytes, AVG and Bitdefender to name a few.

How to stay safe using Skype

  • Dont click on an any unexpected or strange links (whether from an Email or instant message),
  • Ignore random comments from friends containing links to click,
  • Review your security settings,
  • Ensure you have the latest version of Skype installed,

If you haven’t already learnt this lesson, it is time to realise that you should always be wary of links shared by friends on social networks, whether it is Facebook, Twitter, or through Instant Messaging (such as Skype, Yahoo! or MSN) – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?

P.S. Please tweet or share on Facebook to warn others about this scam.