If you use Skype, you’ve likely seen an odd message coming from some of your contacts that says, “lol is this your new profile pic?” The explosion of this Trojan through various gaming communities was covered by SiliconANGLE earlier, but now Trend Micro’s malware labs have identified the malware as a variant of DORKBOT.
Users of Trend Micro’s product are already protected from this sort of intruder and the company has detected and blocked more than 6,800 associated files since Sunday.
The malware may have a silly name, but it has quite the sinister intent, so it’s best to make sure you have your anti-virus definitions up to date to stay safe. Over the weekend, Trend Micro’s labs delved further into the functionality of the Trojan.
The Trojan is detected as WORM_DORKBOT.DN. Once infection sets in, the malware allows an attacker complete control of the targeted system, with capabilities including password theft, ransomware, and even the ability to launch a DDoS attack from the system. As a Trojan, it can act as spyware or even turn the user’s computer into a botnet zombie; of course, it also means that the controller can download whatever other malware they desire to the infected computer.
Separate from the payload is an infector component that acts as the vector by which the Trojan spreads. It reads the Skype contact list and sends the infectious “lol is this your profile pic?” message and link to every contact; after it exhausts the list, it begins the cycle anew.
Trend Micro also noticed that it uses localization based on the geolocation of the system to choose the language of the message—this is why I received the message in Cyrillic from a Russian friend of mine.