Ransomware “Dorkbot,” which has previously attacked both Twitter and Facebook, through messages that use social engineering tactics lead users into clicking on links has not infected Skype according to reports from Trend Micro and other security firms, as well as from a forum thread on Skype.com.
Affected users receive messages from friends in their Skype contact lists with some variation on “lol is this your new profile pic?” along with a link. Researcher Rik Ferguson says on Trend Micro’s blog that users have seen messages in both English and German, and links point to a download on Hotfile.com labeled as “Skype_todaysupdate.zip,” containing the payload.
“The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The infection will subsequently install a ransomware variant locking the user out of their machine, informing them that their files have been encrypted and that they will be subsequently deleted unless the unfortunate victim surrenders a $200 fine within 48 hours.” he adds.