API Security Testing for Dummies [Free eBook]
Security firm Trend Micro discovered a new worm targeting Skype users with spam messages designed to infect machines with the Dorkbot ransomware has been discovered. A malicious worm is taking advantage of the Skype API to spam out messages that link to a ZIP files ie. skype_06102012_image.zip or skype_08102012_image.zip, which is actually detected as Troj/Agent-YCW or Troj/Agent-YDC by Antivirus.
According to definition - Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.
The message contains the question:
According to definition - Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.
The message contains the question:
“lol is this your new profile pic? h__p://goo.gl/{BLOCKED}5q1sx?img=username”
or
“moin, kaum zu glauben was für schöne fotos von dir auf deinem profil h__p://goo.gl/{BLOCKED}5q1sx?img=username”
A list of worm files used in campaign:
hxxp :/ / goo.gl / SAOmJ
⇒ hxxp :/ / hotfile.com/dl/174771453/720762e/skype_03102012_image.zip.html
hxxp :/ / goo.gl / frbXD
⇒ hxxp :/ / hotfile.com/dl/174868532/a8009ef/skype_04102012_image.zip.html
hxxp :/ / goo.gl / agsIb
⇒ hxxp :/ / hotfile.com/dl/174887318/f59c5c2/skype_04102012_image.zip.html
hxxp :/ / goo.gl / AzaqI
⇒ hxxp :/ / hotfile.com/dl/175002041/debb544/skype_05102012_image.zip.html
hxxp :/ / goo.gl/QYV5H
⇒ hxxp :/ / hotfile.com/dl/175082698/230fce5/skype_05102012_image.zip.html
hxxp :/ / goo.gl / UPhHf
⇒ hxxp :/ / hotfile.com/dl/175180403/4b2da19/skype_06102012_image.zip.html
hxxp :/ / goo.gl/5q1sx
⇒ hxxp :/ / hotfile.com/dl/175339084/d951071/skype_08102012_image.zip.html
The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.
Ransomware is becoming an increasingly common tool in cyber criminals arsenal.
Few past news related to Ransomware:
or
“moin, kaum zu glauben was für schöne fotos von dir auf deinem profil h__p://goo.gl/{BLOCKED}5q1sx?img=username”
A list of worm files used in campaign:
hxxp :/ / goo.gl / SAOmJ
⇒ hxxp :/ / hotfile.com/dl/174771453/720762e/skype_03102012_image.zip.html
hxxp :/ / goo.gl / frbXD
⇒ hxxp :/ / hotfile.com/dl/174868532/a8009ef/skype_04102012_image.zip.html
hxxp :/ / goo.gl / agsIb
⇒ hxxp :/ / hotfile.com/dl/174887318/f59c5c2/skype_04102012_image.zip.html
hxxp :/ / goo.gl / AzaqI
⇒ hxxp :/ / hotfile.com/dl/175002041/debb544/skype_05102012_image.zip.html
hxxp :/ / goo.gl/QYV5H
⇒ hxxp :/ / hotfile.com/dl/175082698/230fce5/skype_05102012_image.zip.html
hxxp :/ / goo.gl / UPhHf
⇒ hxxp :/ / hotfile.com/dl/175180403/4b2da19/skype_06102012_image.zip.html
hxxp :/ / goo.gl/5q1sx
⇒ hxxp :/ / hotfile.com/dl/175339084/d951071/skype_08102012_image.zip.html
The executable installs a variant of the Dorkbot worm (also known as NRGbot), which appears to initiate large scale click-fraud activity on each compromised machine as well as recruiting it into a botnet. The Dorkbot variant infects the machine with ransomware that locks the user out and encrypts their files, before going on to charge them $200 to unlock the machine.
Ransomware is becoming an increasingly common tool in cyber criminals arsenal.
Few past news related to Ransomware:
➤ Read Latest Stories
Check Out These Free Cybersecurity Resources
Securely Integrate Open Source Into Your Software Supply Chain
Earn a Master's in Cybersecurity Risk Management
Exclusive Cybersecurity Deals
🔥 Learn Professional Hacking
10 courses + 1,236 lessons on latest techniques, forensics, malware analysis, network security and programming.
➤ Access Online Training Courses
🔥 Cybersecurity Certification Training
Get 1-year access to 108 hours of instruction on globally-recognized CISA, CISM, CISSP, PMI-RMP, and COBIT 5 certifications.
➤ Access Online Training Courses
📰 News Stories from 08 Oct, 2012