skype, instant messaging, malware

A worm is sending messages through Skype instant messaging service, according to the security firm Sophos. The messages, which exploit Skype’s API to proliferate, pose as links to photos of the recipient. But they ultimately turn the user’s machine into part of a botnet.

The worm’s authors prey on users’ egos to get them to click. A suspicious message may read, “LOL is this your new profile pic?”, and the accompanying link may also include the recipient’s user name.

But, instead of a photo, the link leads to a ZIP file that installs a Trojan horse. The Trojan horse in turn opens a backdoor to the user’s machine, letting a hacker in to connect the computer to a botnet. According to Sophos, the user may then be forced to pay ransom for their data. LOL, right?

The infection scheme works only on machines running Windows OSs. The same family of malware, called Dorkbot, has previously exploited Facebook’s instant messaging system.

Image by iQoncept via Shutterstock.