Betabeat » social media panic

Beware the Dorkbot: Skype Worm of Doom Holds Your Computer for Ransom [Updated]

Steve Huff — Mon, 08 Oct 2012 11:38:10 -0400

(Photo: Pro Hacking Tricks)

Hackers are spreading new malware attacks via Skype contact lists. Unassuming Skype users are lured into clicking on infected URLS from anxiety-inducing messages like, "lol is that you?" only to find their computer infected by a variation of the Dorkbot worm.

Don't let the funny name fool you. Dorkbot has a nasty mission. Infected computers may end up locked down and held for ransom:

[Dorkbot] appears to initiate large scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The infection will subsequently install a ransomware variant locking the user out of their machine, informing them that their files have been encrypted and that they will be subsequently deleted unless the unfortunate victim surrenders a $200 fine within 48 hours.

Skype users should use common sense if they receive one of these messages. Chances are, if you receive a message from your sixty-something mom that says, "lol wtf is that you in that pic dood," mom's account has been hacked.

UPDATE: A spokesperson for Skype gave us a statement regarding the the spread of malicious messages:

Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.

Beware Malicious Twitter DMs Directing to Facebook Videos

Steve Huff — Tue, 25 Sep 2012 12:27:53 -0400

A new malware attack via Twitter's direct messaging system apparently tries to lure unwitting users into clicking infected links that appear to go to a Facebook video. As Naked Security reports, the DMs are worded to provoke, using phrases like "you even see him taping u thats awful." Many people will impulsively click at that point. This is what happens next:

Users who click on the link are greeted with what appears to be a video player and a warning message that "An update to Youtube player is needed". The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.

According to Naked Security, the program the page asks you to download actually contains a Trojan (Troj/Mdrop-EML) which can secretly spread to your computer and any shared drives on your network.

Enigma Software describes this trojan as a "parasite" and says users can tell if the malware has infiltrated their system if they have trouble opening Windows programs, particular software intended to root out spyware.

Disturbingly, it's not clear how the Twitter profiles used to send the malicious DMs were breached.

Naked Security recommends owners of compromised accounts change their passwords and study all the applications that currently have authorization to access your profile, revoking those you do not need.

Common sense should help as well--if a friend with an English degree sends you a DM reading, "haha look at u in this u look stoopid," chances are good their account has been hacked. Because really, we've had enough social media panic for the week.