The Rodpicom worm spreads via messages in Skype and MSN Messenger and leads to other malicious infections. The attack was discovered by Fortinet.
The attack starts with a user receiving a direct message which says: “LOL is this your new profile pic? http://goo.gl/[removed]”. The link leads to a malicious site and infects the user’s system with the worm via downloadable content.
Subsequently, the infected computer becomes a bot and attackers use it to send malicious messages to other potential victims. In addition, the worm installs a backdoor on the user's system to download additional malware, sends spam, and connects to the C&C server to download its new versions.
According to researcher Raul Alvarez, the malware is also equipped with a number of evasive and obfuscation techniques that help to hide its existence both from AV software and researchers.
