Ransomware and Banking Trojans Target Skype Users

Security company GFI has discovered two new threats that endanger Skype users. One is ransomware spread via instant messages; the other is a banking Trojan called Zeus, which is distributed through spam email. Chris Boyd, a security expert from GFI, claims that this is the first time ransomware has been distributed using the Skype messenger. The investigations into these malicious programs are still ongoing because some details have not been discovered yet. Fortunately, the basic concept of these threats is clear, and the information has been revealed to the public.

The developers behind the Zeus Trojan use the following tactic. They create emails that imitate Skype voicemail notifications. The email contains a link that supposedly leads to a website providing an internet phone service. Instead, as soon as the user clicks on the link, the computer is infected with the Zeus Trojan. These attacks were discovered just after a report on the new ransomware was released. The ransomware is distributed using instant messages. Users get a message containing the text “lol is this your new profile pic?” and a link. What is more, the link and text are sent by someone from the user's contacts, so the message appears to come from a credible source. The language of the text may differ according to geographical region, making the scam even more believable.

When the user clicks on the link, a Trojan called Darkbot is activated. It infects the computer instantly and connects the PC to an existing botnet of infected computers. Furthermore, the Darkbot Trojan displays a notification stating that all the files on the computer are encrypted and that, to regain control of them, the user has to pay 200 U.S. dollars within the next 48 hours. According to the message, if the requirements are not met, the files will be deleted. The payment must be made using a MoneyPak voucher. Users have to buy reloadable debit cards and then enter a certain code in order to transfer the money to the fraudsters.

The exact number of infected computers is still unknown, but it is believed that the Darkbot Trojan has done more damage than the spam campaign. A statement released by Skype said that the company is aware of the situation and gave assurances that measures have been taken. Skype is trying to inform all of its users about these events in order to slow the spread of the malware. The company says that it provides users with recommendations on identifying legitimate Skype emails.

Users should always be cautious if an email asks for any personal data such as passwords or payment information. All suspicious activity should be reported to spoof@skype.net. The data will be used for further investigations.
