Ransomware malware targeting Skype users

Security firm Trend Micro has discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware. The worm takes advantage of the Skype API to spam out messages that link to ZIP files, which are detected as Troj/Agent-YCW or Troj/Agent-YDC by antivirus software.

By definition, ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.

The message contains a question such as:
“lol is this your new profile pic? h__p://{BLOCKED}5q1sx?img=username”
“moin, kaum zu glauben was für schöne fotos von dir auf deinem profil h__p://{BLOCKED}5q1sx?img=username” (German: “hi, hard to believe what lovely photos of you are on your profile”)
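The two lure texts above share a recognisable shape: a short "profile picture" hook followed by a link that ends in `?img=username`. The following is an added detection sketch, not code from the article or from Trend Micro; it assumes the `img` value is the recipient's own Skype name, and the host `short.example`, the sample messages and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Lure phrases quoted in the article (English and German variants).
LURE_PHRASES = (
    "is this your new profile pic",
    "schöne fotos von dir auf deinem profil",
)
# Matches live and defanged schemes: http, https, hxxp, h__p.
URL_RE = re.compile(r"\bh(?:tt|xx|__)ps?://\S+", re.IGNORECASE)

# Constructed sample chat log: (recipient username, message text).
SAMPLE = [
    ("alice", "lol is this your new profile pic? h__p://short.example/abc12?img=alice"),
    ("alice", "moin, kaum zu glauben was für schöne fotos von dir auf deinem profil hxxp://short.example/abc12?img=alice"),
    ("alice", "meeting notes are at https://wiki.example/page?img=logo.png"),
    ("bob", "Check this https://cdn.example/view?img=bob"),
]


def refang(url: str) -> str:
    """Normalise a defanged scheme so urlsplit can parse the link."""
    return re.sub(r"^h(?:xx|__)p", "http", url, flags=re.IGNORECASE)


def score_message(text: str, recipient: str) -> dict:
    """Return which indicators from the article a chat message matches."""
    lowered = text.lower()
    hits = {"lure_phrase": any(p in lowered for p in LURE_PHRASES),
            "img_param_is_recipient": False, "urls": []}
    for raw in URL_RE.findall(text):
        url = refang(raw.rstrip("”\"'.,)"))
        hits["urls"].append(url)
        params = parse_qs(urlsplit(url).query)
        # Assumption: the lure link carries the recipient's own name in ?img=
        if any(v.lower() == recipient.lower() for v in params.get("img", [])):
            hits["img_param_is_recipient"] = True
    hits["suspicious"] = hits["lure_phrase"] or hits["img_param_is_recipient"]
    return hits


def flag_messages(messages):
    """Indexes of messages that match at least one indicator."""
    return [i for i, (rcpt, text) in enumerate(messages)
            if score_message(text, rcpt)["suspicious"]]
```

Matching on the `img` parameter catches re-worded lures that keep the link format, while the phrase list catches the quoted texts even when the link is rewritten.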

A list of worm files used in the campaign:
The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large-scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.

Ransomware is becoming an increasingly common tool in the cyber criminal's arsenal.
