Dorkbot worm spreads across Skype, takes files hostage

Written by Russell Co. Posted in News, Security

Tagged: , , , ,

Published on October 09, 2012 with 1 Comment

A new worm called “Dorkbot” is making rounds, targeting unsuspecting Skype users. The worm had previously affected both Twitter and Facebook, using social engineering tactics to trick users into clicking untrustworthy links that put their systems at risk.

The Problem

Many security firms, as well as users have reported receiving messages from friends in their contact lists with the message asking “lol is this your new profile pic?” with a shortened link redirecting users to a download on  As reported by Trend Micro’s blog, Rik Ferguson says that the Skype worm is spreading fast, with messages being sent in English and German.

The worm is hidden inside a file labled as “”. An executable file of the same name, detected as TROJ_DLOADER.IF, installs the Dorkbot worm. The severity of the problem escalates as the worm compromises the machine, it locks the user out and joins a botnet. The worm uses what’s known as “ransomware” to extort funds from a user. It informs users that their files have become encrypted and will be deleted unless they pay a $200 fine within 48 hours.

The Cure

Skype suggests users update to the latest Skype version and updating any security features you may have on your computer. The best way to keep your system safe is to avoid clicking on suspicious links, even if they come from your contacts.

Remember – an ounce of prevention is worth a pound of cure.


  • Brent Co

    They’ve certainly taken worms to a different level. These programmers are very brilliant and talented, it’s just sad that all their gifts are being used for malicious deeds.