Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
For the past week, we've received a lot of reports of a worm that propagates through Skype known as Dorkbot. This is probably nothing new for most of you -but still it pays to be aware. Anyway, I got hold of a sample and took a closer look. The worm usually arrives as a link from a friend's Skype instant message telling you how funny your profile pics are.
Clicking the link, prompts the user to download a file hosted at Sendspace.com:
For the sake of science, we extracted the zip file and run it in our test environment, and of course, as we suspected this was the Skype worm itself. During testing we left Skype with fake user ID running in the background.
When run, the malware first obtained our infected host's IP address and location by cleverly querying it from a free GeoIP web service, Wipmania.com. It then sends this data back to one of the following control servers on port 1863:
It then downloads additional malware hosted at Hotfile.com. I have also seen reports of ransomware downloaded and installed on the infected system:
A
Not long after it downloaded the additional malware, it started spamming our Skype contacts with the same message that we got.
There are also other serious payloads for this malware: it also steals user credentials from various websites (as you can see in the screenshot below, those are the strings that the malware monitors). The malware is also capable of propagating through MSN and USB flash drives.
As always, be wary of whatever link has been sent to you and avoid clicking it if you are not sure of what it is. Trustwave SWG customers are protected against this threat.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.