Skype™ Users Please Read! Caution dangerous virus spreading through Skype messages. How to Fix Skype Virus – lol is this your new profile pic?
Do you love Skype as much as we do? Here at WPSecurityLock, our entire staff uses Skype on a regular basis to communicate not only with each other, but also with clients and important business connections.
But what happens when you realize that your business partner, or even a family member sends you a link that infects your entire system? That's exactly what is happening.
On October 8, 2012 a new virus affecting Skype users was discovered and it’s being reported all over the Web, including CNET, and Mashable.
Don't believe for a second that your legitimate contacts are sending those links to you on purpose. It is very likely they they have been infected, and that they have no control whatsoever over their system. In fact, it's possible that their computer is even being held under virtual lock-and-key for monetary ransom.
Read on to learn more about this unsettling Botnet Scam…
Last year:
Beginning on or around March 15, 2011, numerous people have reported that they've received virus scam calls on Skype from a robotic voice telling them that their computer is infected. [Read more…]
Now:
Similarly, as of October 8th 2012, people have been allegedly receiving automated messages from what appear to be automated bots (Dorkbot Worm) with the socially-engineered message: “Lol is this your new profile pic?” with a link to what might appear to be a legitimate zipped image to the layman.
We believe that the bot was cleverly spread through a few computers to begin with, and then automatically targeted contacts in the infected user’s Skype contact list. As these contacts receive the automated messages, many of them wouldn't think twice about opening the link because they are receiving the message and link from an established (possible credible) contact on their “friend” list.
If one were to click the provided link, they would download a .zip file. Upon extraction, an executable file would appear. To many people, this would be a sign that something is wrong; however if they have extracted the file and their Anti-Virus system hasn’t kicked in and blocked the file, or it is a zero-day file (no cure yet), it is likely too late.
This virus is commonly known as “ransomware”. It essentially holds the victim’s computer hostage until the victim agrees to pay a fee to access his/her (now locked) filesystem.
Obviously this means that the perpetrator has full access to not only the victim’s personal files, but also any saved passwords the victim may have stored in their system. The malware (Worm Virus) has a multi-tasking feature designed to specifically steal usernames and passwords to social networking sites and PayPal accounts.
And to take it even further, this multi-tasking virus turns infected servers into “botnet” servers to perform DOS (denial of service) attacks on targeted websites, and continues to downloading further viruses on the (already infected) computer.
All Skype has said about this infection so far is that users need to keep Skype updated, along with the system updates that one should be regularly maintaining. They also said not to click on any links that may look suspicious, even coming from your established contacts.
Once a user is infected, the virus will not only hijack the user’s system and hold the files for ransom while stealing the user’s passwords but will also begin to send similar messages over Skype to all people on the user’s contact list in order to keep the virus circulating.
The link being circulated is also socially-engineered to fool users into thinking that it is legitimate. The structure is as follows:
goo.gl/B463c?img=johnsmith – (hyperlink removed for your protection).
Looking at the structure of the link, we first see that the URL appears to be a Google shorturl. Then we see some random numbers and letters in an alphanumeric format, which is characteristic of any typical link. The most socially-engineered part of the link is that the final portion appears to be an image (img), and also implies that the image (img) has something to do with the user in question (in this case, John Smith). This can easily fool even the most seasoned user into thinking that the link is legitimate.
Skype Security and Computer Rescue Kit
Are you worried about getting infected? Not 100% sure that your security is in place and ready to kick any hacker zombie attacks? I've received many instant messages already from my contacts not only trying to share the link with me, but also got word from a few contacts reporting that they had received the link as well.
If you're unsure whether your Skype installation, your computer, or your network is secure, don't take any chances.
Want to ramp up your security in general to prevent these things from affecting you?
WPSecurityClub (a subdivision of WPSecurityLock) has prepared a kit featuring details on how to keep Skype, your computer, and your network secure. As a bonus, included is a document on emergency computer restoration in case anyone has already been infected. Additionally, a resource sheet will be provided with some key tools referenced in the documents and on the WPSecurityLock website.
Here’s what’s included in the Skype Security and Computer Rescue Kit:
- Computer Security Essentials: 7 Steps You Must Take to Protect Your Computer from Malicious Attacks
- Printable Emergency Virus Recover Plan for Windows Computers (Hang this by your computer in case of emergency.)
- Skype™ Safety Plan – Keeping your Skype Installation Secure
P.S. Please spread awareness to warn your family, friends and business connections. Use the social media icons below to share this post.
P.S.S. If you're an affiliate of WPSecurityLock, be sure to log-in and grab your affiliate link and a ready-to-go guest post to put on your website at https://wpsecuritylock.com/afflogin. If you're not an affiliate yet, join today at https://wpsecuritylock.com/affjoin.
Thank you for posting this. I’m sharing it with my clients and other service providers that I know use Skype.
Hey MaAnna,
We’re very glad to hear that you found the post useful. Also, thanks for sharing it; the more people that know this infection is spreading, the better!
Best,
-Michael Schultz
A big thanks for sharing this. I have friends, family and clients on Skype and I’ll be letting them all know. The fact that this new attack comes from existing contacts is going to catch a lot of people unawares and will cause a lot of damage – Skype security is without a doubt a wise investment. Again – thanks guys and girls!
Thank you for the detailed insight, Michael. When I first read the title of the post I actually though it may be in reference to the Skype scam that occured last year (featuring the automated voice call.) The fact that people are able to infect your system is frightening enough but to imagine that are unable to do so under the alias of a trusted contact and then hold your vital, personally stored information to random is terrifying. I hope that they find a ‘fix’ for this ASAP before too many people fall victim to it. Spreading the word via widely-read posts such as this should do a great deal in terms of raising awareness.
LOL, You should NEVER Run an Executable file from what was thought to be a picture
I am very upset, on Friday October 18th 2013 i loggedon to a site that said they could help me restore my eamil and they started working on my computer and messed it up and charged me 200.00 to bank card and my computer is worst and i will be turning this over to better bureau and my atorney because i can not call them on the muber they called me on and i need my money refunded to my account and now because i am taking my computer to a cmputer person now for fix it. and i command to returned my 200.00 now my attorney will find a way to contact you.