If you get a Skype message that says “lol is this your new profile pic?” avoid the temptation to click it and check it out, because it is a bad bad bad piece of malware.
The Next Web reported its existence, and now we know how bad the piece of malware actually is. It uses ransomware to try to get some money out of you (the uber-annoying pop-up that locks out your computer and demands to be paid) and uses click fraud as well. These things are annoying, but a bit of spyware clean-up usually solves the problem. But the Skype malware is worse, because it also targets your user accounts like Facebook, Twitter, Amazon, etc.
According to Kaspersky and Symantec, the malware targets at least the following accounts: 1and1, Alertpay, Brazzers, Dotster, eBay, Enom, Facebook, Godaddy, iknowthatgirl, Letitbit, Moniker, Namecheap, Netflix, PayPal, Sms4file, The Pirate Bay, Torrentleech, Twitter, Webnames, Whatcd, Vip-file, Yahoo, and YouPorn. It can spread via USB devices as well.
The Next Web did a full technical run-down of the Skype malware here, but we’re here to warn you outright: Don’t click on any links sent to you via Skype or any other instant messaging service. This is really just general good practice whenever this kind of thing pops up. Also, don’t download unknown archives or extract zip files to open files within, especially if you don’t know what they are.
Be safe, Skype users!