The first Skype worm is on the loose, according to Internet security firm Websense. As with most worms, you’re perfectly safe if you follow basic Internet security rules, i.e. don’t accept or open unknown attachments! Websense reports that the worm behaves as follows:
* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing Trojan Horse
* the file also appears to run another set of code that uses Skype to propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)
Individuals should pay particular attention to their security, but fortunately companies installing and using Skype have an advantage. The Business Version of Skype enables network administrators to disable file transfer, removing temptation from employees’ clicky fingers.
Finally, the best advice, as ever, is never to accept or open files if you don’t know where they came from and what they contain! A great website with advice on staying safe online is Get Safe Online, which eBay sponsor.
One Response
An update from Skype…
“By late on 19 December, we had obtained a copy of one of the two variants of the worm, and we learned that the attack was:
* not a worm; and
* made very minimal use of Skype
In particular, the program was a Trojan Horse that spreads over the web. Although it uses Skype to propagate itself, it makes legal use of our APIs to simply send a web link (URL) to another user — that is the full extent of the use of Skype.
As of 20 December, the sites distributing the malware had been taken off the net, thereby effectively stopping further spread of the malware.”