The threat is capable of stealing passwords and using compromised PCs to launch DDoS attacks

Oct 10, 2012 14:58 GMT

The malicious “lol is this your new profile pic” campaign that has been doing the rounds for the past few days on Skype seems to have been improved once again.

Kaspersky experts say that, judging by statistics from the Google URL Shortener service, the attack surfaced on October 6. The same stats (see screenshot) reveal that over 1 million users clicked on the short links.

The most worrying part is that, initially, only 2 of the 44 antivirus engines present on VirusTotal positively identified the threat. Currently, the number has increased to 27, but that’s still somewhat low, which means that many of the 1 million users who clicked on the links may be infected.

That’s not the only news about this campaign. The cybercriminals who launched it have translated the “lol is this your new profile pic” message into many languages – including Latvian and Spanish – to ensure that as many internauts as possible fall for the scheme.

Furthermore, the malware – Trojan.Win32.Bublik.jdb (Kaspersky) or WORM_DORKBOT.DN (Trend Micro) – is capable of taking control of the affected machine.

Ransomware and click-fraud are not the only issues anymore. The threat is also capable of stealing passwords associated with adult websites, file lockers, online banking and social media, including PayPal, Yahoo, Facebook, Netflix, The Pirate Bay, GoDaddy, and eBay.

According to Trend Micro, it can also command the computer to launch distributed denial-of-service attacks.

Last, but not least, Kaspersky experts have found that the Trojan doesn’t spread only via Skype.

“The Trojan has an autorun functionality to spread via USB devices. It’s able to spread via MSN Messenger too and all locally saved Skype passwords on the same infected machine by switching automatically between available accounts,” Kaspersky Lab Expert Dmitry Bestuzhev explained in a blog post.