Software // Enterprise Applications
News
9/11/2007
11:18 AM
Connect Directly
RSS
E-Mail
50%
50%

Warning To Skype Users: Beware Of New Worm

The worm takes advantage of Skype's chat function to send a message with a link that takes unwary users to a malicious jpg file.

A worm that is targeting Skype users is quickly spreading around the globe, security researchers warn.

The worm, which different vendors identify as Ramex, Skipi or Pykspa, uses Skype's chat function to send users a short message that contains a link to a jpg file, according to a warning from the Internet Storm Center.

Skype warned users in a blog entry that by clicking on the link, the Windows Run/Save dialog box will pop up, asking for permission to save or run a .scr file. This is the virus file and should not be downloaded or run.

"The new week has started with a bang. And not the kind of bang we like," wrote spokesman Villu Arak on Skype's Heartbeat blog. "Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link."

Skype is a free peer-to-peer Internet telephony network. The service is designed to enable users to make and receive phone calls over their computer.

This past March, Skype users were hit with a similar problem. A Trojan used an infected machine to reach out and infect user's friends and colleagues. At the time, Websense issued an alert warning that the malicious code, known as both Warezov and Stration, was spreading through the Skype network again. An earlier version initially attacked late in February.

Arak noted that for this current attack, Skype's researchers have been in contact with anti-virus vendors about updating their software to stop the worm. As of Tuesday morning, Skype reported that F-Secure, Kaspersky Labs, and Symantec protect against the worm.

John McDonald, a Symantec researcher, warned users in a blog to beware of a particular Windows image -- the bitmap file Soap Bubbles.bmp. To mask the download, the worm displays the legitimate image if it's in the victim's machine. "So if you saw the image recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected," he added.

Maarten Van Horenbeeck, a handler with the Internet Storm Center, warned users in a blog that the malware contains code designed to turn off several security applications. It also impedes the downloading of updates.

Arak noted that there are two different ways to clean the worm off an infected computer.

"There are two ways to get rid of the worm: the normal way and the techhead way," he wrote. "Most users should NOT attempt to edit their computer's registry manually. For most people, downloading and/or updating their anti-virus software, and scanning their computer to detect and remove the worm, is the way to go."

He detailed the more technical way to get rid of the worm in his blog.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.