Skype users are being targeted by a bout of click fraud and ransomware, The Next Web reports. Users have been receiving a seemingly harmless looking message that reads, “lol is this your new profile pic?”. This is a malware-ridden message. The message is followed by a link that downloads a zip file on the PC. On running the executable file inside (skype_02102012_image.exe or skype_06102012_image.zip or skype_08102012_image.zip), the PC gets infected, leveraging a Java exploit via BlackHole 2.0. Shortly after, users will be prompted with a warning, typical of ransomware.
Users with systems hit by ransomware lose access to their data. They are denied access to it until they pay ransom to get it back. A GFI report explains this, “The above is a typical Ransomware scare message that locks the user out of their data, encrypts the files and demands payment (via Moneypak) to the tune of $200. The IP address and geographical location is displayed in the bottom right hand corner, along with various threats related to the downloading of MP3s, illegal pornography, gambling and more besides”.
Skype users affected by malware
However, the report highlights that the link been changed on a number of occasions, and the text has also been altered. Although the malware-laden message is currently spreading in English and German, it can be translated into several other languages.
The Next Web adds that although GFI first highlighted the issue on Friday, it has only been confirmed now that users are indeed being targeted using click fraud and ransomware.
In addition to ransomware, the message has been found to indulge click fraud. Giving an insight into this, the report adds that in the span of 10 minutes, GFI recorded 2,259 transmissions.
In his statement to The Next Web, a Skype spokesperson shared, “Skype takes the user experience very seriously, particularly when it comes to security. We are aware of this malicious activity and are working quickly to mitigate its impact. We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer. Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable”.
Recently, reports about a bug affecting Skype grabbed headlines. A strange bug had been found sending instant messages to the wrong people on a user's contact list on Skype, causing users much discomfort. Skype then began rolling out the first batch of patches of a hotfix. In an official post on Skype Garage, Skype confirms that they have begun rolling out a hotfix over for multiple Skype clients to address a couple of known issues. By way of its official post, Skype added that users should download the updated versions of the service.