Localized Dorkbot malware variant spreading across Skype

Summary: Security researchers from Avast have intercepted an actively spreading Darkbot malware campaign that's affecting millions of Skype users.


The malware spreads by messaging all of your contacts with a bogus "new profile picture" message. It targets all the major Web browsers, and is also capable of distributing related malware such as Ransomware/LockScreen, as well as stealing account data for major social networking services such as Facebook and Twitter, and for related services such as GoDaddy, PayPal and Netflix.

What's particularly worth emphasizing about this malware variant is that the messages used by the cybercriminals behind it have been localized to 31 different languages, with the attackers relying on the GetLocaleInfo API function to ensure that they've properly geolocated the host.

Thanks to the rise of "cultural diversity on demand" services, any cybercriminal can embed professionally translated messages within their campaigns, increasing the probability that a potential victim will click on these messages and, most importantly, trust them and their sender.

Users are advised to ensure that they're running the latest versions of their third-party software and browser plugins, to check that the URL they're about to click on hasn't already been flagged as malicious, and to take advantage of application sandboxing techniques to avoid direct exploitation of their host.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

25 comments
  • Dorkbot?

    Typo? If not, kudos, that was funny.
    toddbottom3
    • Not a typo...

      this threat has been published elsewhere as 'Dorkbot' - probably already the popular name.
      JCitizen
  • VERY NICE....

    Skype doesn't get viruses until M$ buys it...lovely.

    Next week they are set to release onto the world a virus of their own called Windows 8.

    Please Microsoft, let this be the last turd that ever falls from Redmond's arse!
    orandy
    • that's true

      that's true
      shellcodes_coder
    • Spoken like a true troll

      This type of stuff has plagued Skype and other messenger programs for years but you already knew that and just want to spread your hatred.
      bobiroc
  • That API is Windoze specific

    So Linux and Mac users are not affected lol
    shellcodes_coder
  • Localized Dorkbot malware variant spreading across Skype thanks to

    none other than Microsoft and just think Skype is now pre loaded on all new Surfaces & Windows 8..............what will they think of next......built in Malware....who would have thunk it could ever happen......and it's just in time for Christmas.

    I'll bet Loverock Davidson pulled a few strings to get this done .....you're the man ......thanks Lovie
    Over and Out
  • Microsoft Windows: An unacceptable level of risk

    One more example.
    Dietrich T. Schmitz + Your Linux Advocate
  • Oh no . . .

    . . . not a security flaw in a windows product. This makes, what, 30,000? More?
    sporkfighter
    • What security flaw?

      http://threatpost.com/en_us/blogs/dorkbot-now-worming-its-way-through-skype-100812

      "Clicking the link opens a .zip file that contains “skype_02102012_image.exe.” Unzipping the file opens a backdoor and installs the Dorkbot worm."

      You have to open a .zip file, extract an executable, run it, dismiss the warning that this came from an untrusted source, and then give it admin privileges.

      In other words, this would work just as well in Linux and OS X unless you are now going to claim that these OSs do not have the ability to run applications when the user begs and pleads the OS to run that application?
      toddbottom3
      • And more from same source

        "Trend Micro earlier today noted hundreds of detections across various countries"

        A trojan that has infected 100s of computers in the world?

        Wow. How many 0s would you need between the 0. and the 1% to describe the percentage of users that have requested to be infected with this trojan? Don't forget MacDefender infected hundreds of thousands of OS X machines through yet another OS X security vulnerability.
        toddbottom3
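The delivery quoted in the thread above, a .zip holding "skype_02102012_image.exe", can be checked for before anything is extracted. The following is an added example, not part of the article or of any commenter's post: it inspects an archive in memory and flags members that are executables by extension or by header, including ones carrying an image-themed name. The extension list, the name hints and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed list: extensions Windows will run directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumed hints: words a "new profile picture" lure uses to look like an image.
IMAGE_HINTS = ("image", "img", "photo", "picture", "pic")


def triage_archive(zip_bytes):
    """Return [(member_name, reasons)] without extracting anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            # Read only the first two bytes: enough to spot a PE/DOS header.
            with archive.open(info) as member:
                magic = member.read(2)
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if magic == b"MZ":
                reasons.append("PE/DOS header (MZ)")
            if reasons and any(hint in name for hint in IMAGE_HINTS):
                reasons.append("image-themed name on an executable")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed sample: harmless stub bytes; first name is the one quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("skype_02102012_image.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("holiday_photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        # A renamed executable: image extension, but the header gives it away.
        archive.writestr("profile_pic.jpg", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_archive(build_sample()):
        print(member, "->", "; ".join(reasons))
```

Checking the header as well as the extension matters because a renamed executable keeps its "MZ" header even when the file name ends in .jpg.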
  • Localized Dorkbot malware variant spreading across Skype

    Hilarious! ZDNet posters don't know the difference between an application and the Microsoft Windows OS. It's best for them to stop posting before they look even more foolish.

    As for the malware the signatures in the antivirus have already been updated and this requires a user to click a link. I consider this threat contained and pretty much eliminated by this point.
    Loverock Davidson-
    • Hilarious! ZDNet posters don't know the difference between an application..

      "and the Microsoft Windows OS"

      No, we know the difference, we know that (as usual) this malware threat only affects windows.

      "As for the malware the signatures in the antivirus have already been updated and this requires a user to click a link"

      Wow, windows security really has improved over the years hasn't it? now to get infected with malware the user has to go through the arduous task of clicking on a link, no wonder windows users have to use third party software to try and keep their PC's safe.
      guzz46
  • And the answer is

    "No, we know the difference"

    Read the above posts before mine and you will see that no they don't know the difference.


    "Wow, windows security really has improved over the years hasn't it? now to get infected with malware the user has to go through the arduous task of clicking on a link, no wonder windows users have to use third party software to try and keep their PC's safe."

    You are right, it has improved tremendously since the early days of Microsoft Windows 9x. A user has to go out of their way now to get infected. Users have to rely on 3rd parties because when Microsoft said it was going to build in some security features into the kernel the 3rd party antivirus companies threw a fit. So blame them, not Microsoft or its users.
    Loverock Davidson-
    • Crap ZDNet forums

      If only ZDNet could build a basic forum that would actually work properly.
      Loverock Davidson-
      • Now there's a useful conversation

        ZDnet has a number of problems with its latest forum and blog software.

        When finishing an article, the browser back function always brings you back to list of the first displayed articles, forcing you to scroll to the bottom, hit the View more articles (sometimes a number of times) to return to where you were in the list.

        There's no editing.

        There's no formatting.

        I believe bloggers are still paid on number of posts, which explains the flame bait titles and articles.

        You can't vote down articles. I know this can turn into voting wars, but it does tend to cause irrelevant and troll posts to disappear.

        Perhaps the critical bloggers could redirect their attention to their own platform?
        Tony_McS
    • A user has to go out of their way now to get infected

      So clicking on a link is going out of the way is it?

      "Microsoft said it was going to build in some security features into the kernel the 3rd party antivirus companies threw a fit. So blame them, not Microsoft or its users."

      You heard it from Loverock himself, microsoft places the needs of antivirus companies before the needs of its users.
      But we Linux users have always known that microsoft doesn't care about its users security, all microsoft cares about is making more $$$.
      guzz46
      • Hah!

        You rag on Microsoft Windows security but you admit to using linux LOL!! How about that telnet port being wide open which is too funny. Microsoft cares greatly about its security which is why it had the trustworthy computing initiative, secure coding, file permissions, access rights, security zones, and the list goes on and on. You don't see any of that in linux. Also, the antivirus companies would have went to the DOJ if Microsoft built in their own security. So yes, you heard it from me, Microsoft Windows security beats linux in just about every way as I just proved.
        Loverock Davidson-
        • You rag on Microsoft Windows security

          That's because it sucks, you even admitted it yourself when you said "and this requires a user to click a link" so how come all those "apparent" security features you mentioned can't prevent users from getting infected with malware when they simply click a link?

          Plus how can windows even have all those "apparent" security features you mentioned when microsoft doesn't even build security into their own OS? you said it yourself remember "antivirus companies would have went to the DOJ if Microsoft built in their own security"

          So to sum things up, all windows users have to do to get infected with this malware is click a link, microsoft cares more about antivirus companies than they do about their own users, and microsoft doesn't even build security into their own OS.

          You're doing a great job showing the benefits of using Linux over windows Loverock, keep up the good work my friend.
          guzz46
        • Loverock Davidson even you after all these years has to be wondering WHY

          Microsoft hasn't gotten security right for a longer period of time. You have to wonder why the hackers always seem to find a way around everything Microsoft with all their money and everything all these third party antivirus companies with all their money attempt to do. WHY IS THAT?

          Lovie you didn't prove anything by saying "trust worthy computing,etc" is better or beats anything Linux has done....................ALL YOU POINTED OUT is that WITH all these efforts that Microsoft has tried, THEY have failed to make Windows secure for their customer base for any length of time.

          Lovie even you must understand the fact that Microsoft is a total failure at keeping their customer base secure at some point in time. Go look at hundreds of security updates and then come back and tell me WHY its so easy to hack into Windows...........the simple fact is any windows operating system has always been easy to hack..........and Lovie not even you with all your BS can dispute that fact .................as they say END OF STORY
          Over and Out