Skype Virus Alert- Rogue Links Coming from Your EXISTING Contacts
Do you love Skype™ as much as I do? I use Skype on a regular basis to communicate not only with friends, but also clients and important business connections.
But what happens when you realize that one of your business associates, or even a family member sends you a link that infects your computer? That’s exactly what is happening. On October 8, 2012 a new virus affecting Skype users was discovered and it’s being reported all over the Web, including CNET, and Mashable.
Don’t believe for a second that your legitimate contacts are sending those links to you on purpose. It is very likely they they have been infected, and that they have no control whatsoever over their system. In fact, it’s possible that their computer is even being held under virtual lock-and-key for monetary ransom.
Read on to learn more about this unsettling Botnet Scam…
Beginning on or around March 15, 2011, numerous people reported that they were receiving virus scam calls on Skype from a robotic voice telling them that their computer is infected and to go to a website to buy a Fake Anti-Virus program to fix it.
Similarly, as of October 8th 2012, people have been allegedly receiving automated messages from what appear to be automated bots (Dorkbot Worm) with the socially-engineered message: ” Lol is this your new profile pic?” with a link to what might appear to be a legitimate zipped image to the layman.
This bot is very clever and spreads through a few computers to begin with, and then automatically targeted contacts in the infected user’s Skype contact list. As these contacts receive the automated messages, many of them wouldn’t think twice about opening the link because they are receiving the message and link from an established (possible credible) contact on their “friend” list.
If one were to click the provided link, they would download a .zip file. Upon extraction, an executable file could infect your computer. To many people, this would be a sign that something is wrong; however if they have extracted the file and their Anti-Virus system hasn’t kicked in and blocked the file, or it is a zero-day attack (no cure has been discovered yet), it is likely too late.
This virus is commonly known as “ransomware.” It essentially holds the victim’s computer hostage until the victim agrees to pay a fee of $200 to access his/her (now locked) filesystem within 48 hours.
Obviously this means that the perpetrator has full access to not only the victim’s personal files, but also any saved passwords the victim may have stored in their system. The malware (Worm Virus) has a multi-tasking feature designed to specifically steal usernames and passwords to social networking sites and PayPal accounts.
And to take it even further, this multi-tasking virus turns infected servers into “botnet” servers to perform DOS (denial of service) attacks on targeted websites, and continues to downloading further viruses on the (already infected) computer.
All Skype has said about this infection so far is that users need to keep Skype updated, along with computer system updates that one should be regularly maintaining. They also said not to click on any links that may look suspicious, even coming from your established contacts.
Once a user is infected, the virus will not only hijack the user’s system and hold the files for ransom while stealing the user’s passwords but will also begin to send similar messages over Skype to all people on the user’s contact list in order to keep the virus circulating.
The link being circulated is also socially-engineered to fool users into thinking that it is legitimate. The structure is as follows:
goo.gl/B463c?img=johnsmith – (link not clickable for your protection.)
Looking at the structure of the link, we first see that the URL appears to be a Google shortlink. Then we see some random numbers and letters in an alphanumeric format, which is characteristic of any typical link. The most socially-engineered part of the link is that the final portion appears to be an image (img), and also implies that the image (img) has something to do with the user in question (in this case, John Smith). This can easily fool even the most seasoned user into thinking that the link is legitimate.