Security firm Trend Micro has discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware. The worm takes advantage of the Skype API to spam out messages that link to a ZIP file, e.g. skype_06102012_image.zip or skype_08102012_image.zip, which antivirus software detects as Troj/Agent-YCW or Troj/Agent-YDC.

By definition, ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.

The message contains the question:
“lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username”
or, in German:
“moin, kaum zu glauben was für schöne fotos von dir auf deinem profil h__p://goo.gl/{BLOCKED}5q1sx?img=username” (“hi, hard to believe what nice photos of you are on your profile”)
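
A defender-side check for the lure format quoted above, as an added example rather than code from the article or from Trend Micro. It assumes that `username` in the link stands for the recipient's own Skype name and that the archive names encode the date as DDMMYYYY; the function names and sample messages are constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Lure phrases quoted in the article (English and German variants).
LURE_PHRASES = ("is this your new profile pic",
                "schöne fotos von dir auf deinem profil")
# Archive naming seen in the article: skype_<8 digits>_image.zip
ARCHIVE_RE = re.compile(r"skype_(\d{8})_image\.zip", re.I)
# Accept live and defanged schemes (http, hxxp, h__p).
URL_RE = re.compile(r"\bh(?:tt|xx|__)ps?://\S+", re.I)


def refang(url):
    """Turn defanged notation (hxxp, h__p) back into a parseable URL."""
    return re.sub(r"^h(?:xx|__)p", "http", url, flags=re.I)


def indicators(message, recipient):
    """Return the set of campaign indicators found in one chat message."""
    hits = set()
    if any(p in message.lower() for p in LURE_PHRASES):
        hits.add("lure_phrase")
    for raw in URL_RE.findall(message):
        parts = urlsplit(refang(raw.rstrip('”".,)')))
        img = parse_qs(parts.query).get("img", [])
        # Assumption: the link is personalised with the recipient's name.
        if recipient.lower() in (v.lower() for v in img):
            hits.add("img_param_is_recipient")
    for m in ARCHIVE_RE.finditer(message):
        try:
            # Assumption: the eight digits are a DDMMYYYY date.
            datetime.strptime(m.group(1), "%d%m%Y")
            hits.add("dated_archive_name")
        except ValueError:
            pass  # eight digits that are not a real date: ignore
    return hits


# Constructed sample messages as (recipient, text); EXAMPLE is a placeholder.
SAMPLES = [
    ("alice", "lol is this your new profile pic? h__p://goo.gl/EXAMPLE?img=alice”"),
    ("alice", "is this the new build? http://example.com/?img=logo"),
    ("bob", "file received: skype_06102012_image.zip"),
]

if __name__ == "__main__":
    for recipient, text in SAMPLES:
        print(recipient, sorted(indicators(text, recipient)))
```

A message that matches two or more indicators is a strong candidate for blocking or for a follow-up check of the sender's machine.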

A list of worm files used in the campaign:

The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large-scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.

Ransomware is becoming an increasingly common tool in the cybercriminal's arsenal.
