You won't be laughing long if you click on the link that asks: "lol is this your new profile pic?" That's the message being distributed among Skype users, and it conceals malware that can harness your computer to a botnet.
It's a form of phishing, of course, tempting Skype IM users to interact with what appears to be a cheerful and harmless greeting from a friend. The malicious content of the messages was discovered by cloud security vendor Trend Micro, which reported Monday that the malware was "spreading fast."
The payload contained in the message is the charmingly named Dorkbot worm. The symptoms of infection can be "nasty," ranging from locking you out of your computer and demanding a ransom, to stealing user names and passwords for websites.
Skype has acknowledged the presence of the threat and is working to mitigate its effects. In the meantime, it offers advice that should be obvious: "following links -- even when from your contacts -- that look strange or are unexpected is not advisable."
Indeed, it's perturbing that enterprise and individual users still need to hear this kind of advice in 2012. I recently received messages -- not on Skype -- from Twitter contacts, giving me a big and fond "Hello!" I knew there was no precedent, or reason, for these people to be contacting me in this way. I deleted the messages without a second thought.
Surely we've all by now received completely uncharacteristic emails from friends who have had one of their accounts hacked. In most cases, these are obvious phishing attempts: Your aunt is unlikely to invite you to "Get a load of this deal." Or maybe she is, but you get my point.
Difficulty arises when neutral messages are received from recognized sources. Whether the Dorkbot IM fits this category depends, I suppose, on whether your friends are accustomed to beginning a sentence with "lol..." It's probably subtle enough to dupe many users, although it's currently unknown how many have fallen victim.
Another day, another threat. With Skype increasingly used as an enterprise tool, there are two takeaways for IT managers: Make sure employees are using the latest version of software like Skype, and reinforce the message that it's hard to automate solutions against phishing. User vigilance is the best defense.
— Kim Davis, Community Editor, Internet Evolution