Spam Mails Supposedly from Skype Drop Ransomware

Security researchers have discovered one new PC-worm that strikes people using Skype through malicious bulk e-mails for delivering ransomware named Dorkbot onto the infected systems, reports V3.co.uk dated October 8, 2012.

The discovery, attributed to Trend Micro a security company, was made on 8th October 2012 when complaints about many fake e-mails with malevolent web-links started coming to the company.

The e-mails queried the recipient whether it was his updated profile pic after which the web-links were placed.

These notably, planted Dorkbot, whose other name is NRGbot onto the end-user's computer.

But, the infection doesn't end here. For, in the next stage, the notorious BlackHole attack toolkit of version 2.0 is used for thrusting a ransomware worm, which encrypts the affected PC's saved files.

A message appears in front of the computer-user that his system has been lately utilized for accessing websites banned inside USA so as to take down mp3 files, adult or child pornography; accessing gambling and torrent sites; and downloading unlawful medication or pills as well as conducting more illegal activity.

The alert in particular tells that each and every file of the impacted computer-user has been encrypted, while restoring them will require him to pay USD200 (EUR154) as fine through MoneyPak.

Meanwhile, remarking about the assault, Christopher Boyd, Senior Threat Researcher at GFI stated that if the file was run it resulted in its own elimination while the contaminated computer would start making requests towards acquiring Domain Name System (DNS) from several URLs, particularly those ending with '.kz,' '.com' and '.pl.' Moreover, linking up with IRC channels were also seen vis-à-vis the inter-connected Web-traffic that was getting investigated further. Needless to say that having been included within a hijacked systems' network wouldn't prove anything better for the end-user, Boyd argued. Threatpost.com published this on October 8, 2012.

Overall, although the threat isn't any good for a system, it continues to struggle hard for infecting the maximum possible end-users despite being shutdown in rapid intervals.

However, following the incident, Skype stated that it was aware of the sinister operation going on and was fast doing the needful for lessening its impact.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 10/15/2012