Internet communication platform Skype has been hit by worm malware that could infect Windows PCs.
When users of the communication platform click on an instant message that says"lol is this your new profile pic"they instantly download Trojan malware.
Further reading
Skype rejects claims it re-architected software to make eavesdropping easier
Microsoft silent over claims it re-architected Skype to enable government eavesdropping-UPDATE
Microsoft finalises Skype acquisition for£5.3bn
Microsoft acquires PhoneFactor to boost enterprise mobile app security
According to security firm Sophos,the worm is a variant of Dorkbot,which lets hackers take control of infected Windows PCs remotely through HTTP by exploiting the Skype API.After the user clicks on the link,they automatically download a ZIP file that contains malicious executable files.
Graham Cluley,senior technology consultant at Sophos,said that the malware could allow a hacker to use the victim's PC in a botnet.
"Before you know it,your computer has been recruited into a botnet,and could fall victim to a ransomware attack,"he said.
Ransomware is a type of attack where the malware creator demands payment to remove the restrictions imposed on the PC by the malware.
In a statement,Skype said that it takes the user experience,and in particular security,very seriously and is working on reducing the damage that can be inflicted by the malware.
"We are aware of this malicious activity and are working quickly to mitigate its impact.We strongly recommend upgrading to the newest Skype version and applying updated security features on your computer,"the statement said.
In a blog,the firm also advised users to keep their PC or device security up to date with the latest anti-virus software.
Meanwhile,Microsoft,which acquired Skype in 2011,has released seven bulletins as part of its monthly patch updates.
Only one of the bulletins was rated critical and applied to Microsoft Office and Server Software.
The MS12-064 bulletin states that a privately reported vulnerability in Microsoft Word could allow remote code execution.
"The vulnerability could allow remote code execution if a user opens or previews a specially crafted RTF file.An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,"the bulletin reads.