Skype Houses Dorkbot Worm

Thursday, February 14, 2013 @ 01:02 PM gHale

The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently going out on Skype and MSN Messenger.

It all starts with potential victims receiving a direct message from a contact, asking “LOL is this your new profile pic?[removed]”. Those who follow the link land on a malicious site and end up infected with the worm, according to a report on Fortinet.

Apart from being able to send out the message to further potential victims, the malware is also capable of opening a backdoor into the infected system, downloading more malicious software, spamming, reaching out to its C&C server, downloading a new version of itself, and other malicious activities. The computer ends up taken over by a botnet and is ready to do the botnet master’s bidding.

The worm waits until the victim logs into the chat app they use and then sends out the messages. It can also change the language of the message to match the language of the installed Windows operating system, making it more believable that the message came from the user.

FortiGuard Labs researcher Raul Alvarez said the malware also has a number of evasive and obfuscation techniques aimed at hiding its existence from AV software and researchers.
