The message contains a shortened link and a garden-variety phishing scam line: “Lol is this your new profile pic?”
Clicking the link triggers a ZIP file to download. Once the file is unzipped, a Trojan copies itself to the hard drive, opens up a backdoor and loads malware known as the Dorkbot worm from a remote server. Once on board, the worm enlists the compromised computer into a botnet.
The worm also has the potential to lock PC users out, holding their files for ransom unless they agree to pay the extortionists within a short period of time, Forbes reports.
According to related posts in the Skype community support network, the malware takes advantage of Skype’s programming interface in order to automatically blast the malicious link to all of the compromised accounts’ contacts.
The Dorkbot attack has been spreading over Facebook and Twitter for the past year, Sophos’ Naked Security blog reported. The attack can also spread via USB drives and other instant messaging services.
No matter what service, application or website you use to communicate, always do so safely. While we usually know who’s at the other end of a conversation, there’s no way to know for sure. Even messages from people you trust could contain malicious links. Your friend may not wish to harm you or your computer, but someone else with access to their account might.
This article originally published at TechNewsDaily here.& mashable.com