Dorkbot worm lurks on Skype and MSN Messenger again

The Dorkbot/Rodpicom worm, which spreads via messaging applications and leads to additional malware infections, is currently doing rounds on Skype and MSN Messenger, warns Fortinet.

skype-msnThe vicious circle starts with potential victims receiving a direct message from a contact, asking “LOL is this your new profile pic?[removed]”. Those who follow the link land on a malicious site and are infected with the worm.
Apart from being able to send out the aforementioned message to further potential victims, the malware is also capable of opening a backdoor into the infected system, downloading more malicious software, spamming, reaching out to its C&C server, downloading a new version of itself, and other malicious activities. The computer is essentially enslaved into a botnet and is ready to do the botnet master’s bidding.
It’s interesting to note that the worm waits until the victims log into the chat app they use and then send out the messages. It is also able of changing the language of the message to be consistent with the language of the installed Windows operating system, making it more believable that the message has been sent by the user.
According to FortiGuard Labs researcher Raul Alvarez, the malware is also equipped with a number of evasive and obfuscation techniques aimed at hiding its existence both from AV software and researchers.


This Post Has 2 Comments

  1. Carbonize

    So would I be right in guessing this really only affects IE users.

  2. Omid Farhang

    It does not relay on exploiting browser, so no matter what browser you use:
    “The malware sends a message to the victim with a link to a malicious site that leads to downloadable content. When the user clicks the link, the attack downloads another strain of malware, known as Dorkbot. It is the perpetrator responsible for executing the events that propel cybercriminal objectives: downloading more malicious code, contacting the Command and Control server, spamming and a host of other bot-related activities. It is also responsible for downloading an updated version of Rodpicom.”

Leave a Reply