A new variant of the Dorkbot worm that plagued Facebook users in late 2011 has resurfaced via emails sent to Skype users, with a message reading “Lol is this your new profile pic?” The email carries a zipped attachment containing an executable titled “skype_[today’s date]_image.exe”, named to fool careless Skype users into thinking the file is an update to their Skype software or, more foolishly, the profile picture mentioned in the message. Instead, it “zombifies” the computer and, in a new twist, also installs a “ransomware” form of malware which encrypts the user’s data and threatens to delete it unless a payment of $200 is made within 24-48 hours.
What this means for you:
Even if you are running the most recent and most powerful anti-virus and anti-malware software on your machine, it’s still possible for your computer to become compromised merely because you “opened the door” by purposefully running the unidentified executable. There is nothing that can prevent your computer being compromised in these types of situations except constant vigilance. Here’s what you should be watching for:
- Do you even know the sender? Do they normally email you out of the blue with an attachment? Obviously, attachments from strangers are a huge red flag!
- Is the email you’ve received characteristic of the sender? Does it have unusual spellings (or misspellings), capitalization, punctuation? Is the subject matter something you would normally discuss via email?
- Is the attachment something you were expecting, or at minimum, something you recognize? Is it normal for the sender to be sending you a file in this manner?
- If the email includes links, do the links actually go to where they say they do? For example, look at this link I made to google.com (which actually goes to bing.com). See how easy it is to fake a URL? Use your email program’s “View Source” option to check suspicious links.
- If you want to be certain, contact the sender by another means (phone, SMS, in person), since their email account may be compromised, to verify they actually sent you a safe attachment.
Image courtesy of Victor Habbick / FreeDigitalPhotos.net