LOLPic is a Skype-based worm which was discovered in early October 2012 in which a message was sent to all users on the infected host's contacts list. The message will use the text of "lol is this your new profile pic?[URL]", and request users to check if it was the image. Most users who receoved this message fell for the trick and received malware. This malware works by opening a backdoor to add it to a bot network used to DDoS a website of the hackers choice, it is classed as ransomware as it holds the user to ransom.


This is the backdoor that the hacker uses to add it to a bot network.

The dropper, known as is a component of the worm and it installs malware.


  • LOLPic.b-This variant uses Yahoo Messenger instead of Skype.
  • LOLPic.qw-This variant said to download Skype Security(Rogue AV).
  • LOLPic.bxzs-This variant deleted hal.dll.


  • Lolpic.A