You won't be laughing long if you click on the link that asks: "lol is this your new profile pic?" That's the message being distributed among Skype users, and it conceals malware that can harness your computer to a botnet.
It's a form of phishing, of course, tempting Skype IM users to interact with what appears to be a cheerful and harmless greeting from a friend. The malicious content of the messages was discovered by cloud security vendor TrendMicro, which reported Monday that the malware was "spreading fast."
The payload contained in the message is the charmingly named Dorkbot worm. The symptoms of infection can be "nasty," ranging from locking you out of your computer and demanding a ransom, to stealing user names and passwords for Websites.
Skype has acknowledged the presence of the threat and is working to mitigate its effects. Meantime, it offers advice that should be obvious: "following links -- even when from your contacts -- that look strange or are unexpected is not advisable."
Indeed, it's perturbing that enterprise and individual users still need to hear this kind of advice in 2012. I recently received messages -- not on Skype -- from Twitter contacts, giving me a big and fond "Hello!" I knew there was no precedent, or reason, for these people to be contacting me in this way. I deleted the messages without a second thought.
Surely we've all by now received completely uncharacteristic emails from friends who have had one of their accounts hacked. In most cases, these are obvious phishing attempts: Your aunt is unlikely to invite you to "Get a load of this deal." Or maybe she is, but you get my point.
Difficulty arises when neutral messages are received from recognized sources. Whether the Dorkbot IM fits this category depends, I suppose, on whether your friends are accustomed to beginning a sentence with "lol..." It's probably subtle enough to dupe many users, although it's currently unknown how many have fallen victim.
Another day, another threat. With Skype increasingly used as an enterprise tool, there are two takeaways for IT managers: Make sure employees are using the latest version of software like Skype, and reinforce the message that it's hard to automate solutions against phishing. User vigilance is the best defense.
... is that even if we're aware, vulnerable family members like parents will always be at risk. The only thing we can do is try to educate them and HOPE they listen.
You said it! Hackers and spammers will stop at nothing to try to get you to click on a single link that could potentially compromise your entire system and your online accounts. One thing that gives them away when they send random IMs is the username. They're usually a bunch of random words put together with more random numbers inserted in between.
I think what users should keep in mind is, if you're unsure or if something looks suspicious, don't click on anything! You'd be amazed (or should the word be 'surprised'?) at the damage a single click could do.
So it wasn't just me, LOL. I have been receiving those 'PayPal - Please reactivate your account' or 'Your account has been frozen' these past few weeks. For me, several things gave them away (aside from the fact that I could access my account with no problems):
- Their email was from an [at] peypal address. - They addressed their email as "Dear PayPal Customer," but PayPal usually addresses the user by name. - The content of the email itself. Doesn't sound very professional.
But for those who don't really pay attention and click away, then that's the problem right there.
Same here, Kim. I opened a Paypal account that lay dormant for awhile, but shortly after I became active with it I received a whole slew of emails saying that my account was frozen and I had to provide 'x' information to unlock it. Probably would've been pretty convincing, except that I was able to log into my paypal and maneuver just fine.
Surely it's an OS security flaw if following a link can bring an entire system to its knees? Skype (or any other app) is just the distribution method, but URLs should not be so dangerous or computers should not be so fragile....
Chris, I spend a large part of most days sending verification replies to emails announcing that I have won a series of lotteries. The results, so far, have been disappointing.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
Cybercriminals don't hesitate when they see an opportunity to spread malware. Not even when it means exploiting as horrific an event as the Boston Marathon bombing.
The sooner purveyors of cloud computing services can pass muster, security-wise, with financial services companies, the sooner cloud computing will really go mainstream.
The release of Microsoft's newest OS raises the question of the company's relevance in an era when Google dominates applications and search, and Apple runs circles around Redmond with its gadgets and user interfaces.
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
It is 20 years since the invention of the World Wide Web, and the Internet has changed beyond recognition since then. Steve Saunders peers into the future to predict what the Web will look like in another 20 years time – and he doesn’t like what he sees.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
