Skype faced a wave of SPAM that spreads a dangerous Trojan called Worm.NgrBot (variant of the Dorkbot). Leading antivirus vendors Kaspersky Lab and Doctor Web confirmed the existence of a threat.
On Friday, many Skype users started receiving a malicious link created with the help of goo.gl service from their authorized contacts like close friends and relatives.
Virus infection occurs after clicking on the link, which usually says: “Lol, is this your new profile pic? “ Once following the link, the system boots ZIP-archive with malicious executable file. Then virus immediate adds the infected computer to a botnet. It can later use the machine to run DDoS-attacks.
Reports says most users also get so called Ransomeware that locks the computer completely.
It is important to stop the spread of a dangerous virus. To do this, turn off the management of other programs’ access to Skype. This feature can be found at the bottom of Skype Advanced Settings menu.
In addition to sending messages via Skype, Worm.NgrBot may spread through the messages in Facebook and Twitter.
There is no confirmed information on the scale of infection, but by its characteristics Dorkbot can be a real epidemic. It is believed that it started in the CIS countries in Eastern Europe
Experts warn users not to click any suspicious links, even if they come from well-known people. It is best not to use short links at all.
It is recommended to immediately update your antivirus database and run complete system scan.