Botnet Infects Skype Users Who Click Picture Links
October 9, 2012

Botnet Infects Skype Users Who Click Picture Links

Michael Harper for — Your Universe Online

A good rule of thumb when surfing about this great wide web of ours: Be wary of what you click. More specifically, be particularly careful when the link alleges to lead to a picture.

If, for instance, you see a link promising a gruesome or shocking picture, such as a spider underneath someone´s skin, best not to click.

Skype users have recently been under attack with the promise of pictures of themselves, assumedly in compromising or silly positions. According to the Skype forum boards and several news sites, some Skype users are receiving messages with some sort of variation on “lol is this your new profile pic?” followed by a dangerous link. This link leads to a download on called “” Downloading and installing the file installs the “Dorkbot” worm, which not only enlists the computer in a botnet which carries out similar ad click-fraud, it also takes over the user´s Skype account and begins sending out these messages to their contact list.

Worse yet, Dorkbot also uses “Ransom Mode,” meaning it locks users out of their systems, encrypts all their data, and tells users everything will be deleted unless they pay $200 within 48 hours.

As this story picked up steam yesterday, Skype issued a statement concerning the Dorkbot worm, saying:

“Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links — even when from your contacts — that look strange or are unexpected is not advisable.”

Dorkbot has recently made the rounds on Facebook and Twitter, with a similar gag, using promises of self-portraits as a way to enlist the user in its botnet.

Like any other similar attack, this tactic tricks more people than it should. Even those who may claim to be computer savvy could be undone by this attack. As the messages come from friends on a contact list, users may think that their friends are just making conversation.

Of course, any friend who asks about a profile picture could easily look it up or even make a comment about it, rather than sending a link.

Dorkbot has also been known to attach itself to any plugged in USB sticks, making it very easy to be passed around, especially in environments where file transfers via USB are common.

As for the Ransomware, security expert Graham Cluely with Sophos told Tech Crunch this tactic is becoming more common these days, likening it to “kidnappers shooting hostages one by one, if their demands aren´t met.”

“It´s really creepy, unpleasant behavior — and sadly becoming more common,” said Cluely.

It´s apparently worth mentioning again: Be careful where you click! If you´re sent a message from a friend or someone in your list of contacts and it reads just a little off kilter, best not to click. If you do receive a suspicious message from a “friend” containing a link, there´s also nothing wrong with asking this friend for clarification before clicking. A simple “LOLWHUT is that link you just sent me?” will be enough to foil any attack by such a bot.