Software // Enterprise Applications
News
12/19/2006
01:43 PM
Connect Directly
RSS
E-Mail
50%
50%

Skype 'Worm' Overrated, Says Websense

Websense has reclassified the threat as a Trojan horse and says its impact is declining.

Malware spreading on the Skype VoIP network raised alarms Tuesday, with some reports claiming that a worm was on the loose. The threat, however, is actually low, a security analyst says.

Warnings late Monday and very early Tuesday claimed that a worm was propagating across Skype -- one of the most popular voice-over-IP applications -- and infecting systems with a password-stealing Trojan horse. Tuesday, for example, Symantec issued an alert to customers of its DeepSight threat management service that a worm it dubbed "Chatosky" was spreading in the Asia Pacific region, including South Korea.

"The code isn't a worm," says Dan Hubbard, VP of research at security vendor Websense. "It relies on the end user to acknowledge a binary through the API, which is normal behavior in Skype." In addition, the threat does not make copies of itself.

"It's not exploiting a vulnerability," adds Hubbard.

Websense was among the first to post an alert about a possible Skype worm. However, after talking with the Skype security team, which is based in Estonia, Hubbard says he had reclassified the threat as a Trojan horse. "A user with Skype will get a message to download a program from a URL included in a chat message," says Hubbard. "If they click on that, a program runs in the background, then injects itself into the Explorer process. It looks like the Trojan is designed to grab forms and passwords from the browser."

Another file -- the Skype binary that the user is prompted to accept -- accesses the VoIP application, then harvests any online Skype contacts and transmits those names to a remote server.

Although Skype is best known as a telephone-style service, it uses an instant messaging-like contact list for easier calling, and includes a chat function for text messaging. The Trojan, in fact, is applying the same attack techniques commonly used in instant messaging attacks.

The servers the attacker used to download malicious code to infected computers are now down, Hubbard confirms.

"The one thing that's unusual here is its use of a public API," says Hubbard. The two-part API allows Skype to connect to USB devices, such as VoIP phones, and lets third-party applications access some of Skype's functions, such as making a call.

"This is either spreading very slowly, and only regionally, or it's dead by now," Hubbard says.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 23, 2014
Intrigued by the concept of a converged infrastructure but worry you lack the expertise to DIY? Dell, HP, IBM, VMware, and other vendors want to help.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.