Experts from Trend Micro and GFI Software have analyzed the threat

Oct 8, 2012 11:33 GMT

Last week, we learned that a Trojan was making the rounds on Skype via “lol is this your new profile pic” messages. The threat hasn’t died out and experts warn that it has gotten worse.

GFI Labs researchers promised to keep investigating the campaign and they did. They report that the infection spree has “taken an interesting twist.”

By this, they mean that the new executable file being distributed doesn’t just take over the machine in order to recruit it into a botnet; it also installs a version of the Dorkbot worm, a piece of malware that specializes in large-scale click fraud.

And that’s not all. In the second part of the infection, version 2.0 of the infamous BlackHole exploit kit is used to push a piece of ransomware that’s designed to encrypt the files stored on the infected computer.

“Your computer was recently used to visit websites prohibited on the territory of USA: to download mp3 files, child [adult content], torrents, gambling, illegal drugs and other illegal activity,” reads a message displayed on the screens of impacted machines.

The alert informs the victims that all their files have been encrypted and if they want to recover them they will have to pay a fine of $200 (154 EUR) via MoneyPak. In the meantime, in the background, click fraud attempts are taking place.

Trend Micro experts have also analyzed this particular campaign, and they say that English-speaking users are not the only ones targeted. They also saw a message designed for German internauts.

Security firms advise users to be cautious when presented with the “lol is this your new profile pic” or the “moin, kaum zu glauben was für schöne fotos von dir auf deinem profil” messages. In this particular campaign, the aforementioned pieces of malware can’t infect the computer as long as the link is not clicked and the downloaded executable file is not run.

Update. Skype representatives claim that they are aware of the malicious campaign and that they're currently working on mitigating its impact. More details and Skype's complete statement are available here.