The worm takes advantage of Skype's chat function to send a message with a link that takes unwary users to a malicious jpg file.
A worm that is targeting Skype users is quickly spreading around the globe, security researchers warn.
The worm, which different vendors identify as Ramex, Skipi or Pykspa, uses Skype's chat function to send users a short message that contains a link to a jpg file, according to a warning from the Internet Storm Center.
Skype warned users in a blog entry that clicking on the link brings up the Windows Run/Save dialog box, which asks for permission to save or run a .scr file. This is the virus file and should not be downloaded or run.
"The new week has started with a bang. And not the kind of bang we like," wrote spokesman Villu Arak on Skype's Heartbeat blog. "Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link."
Skype is a free peer-to-peer Internet telephony network. The service is designed to enable users to make and receive phone calls over their computer.
This past March, Skype users were hit with a similar problem. A Trojan used an infected machine to reach out and infect users' friends and colleagues. At the time, Websense issued an alert warning that the malicious code, known as both Warezov and Stration, was spreading through the Skype network again. An earlier version initially attacked late in February.
Arak noted that for this current attack, Skype's researchers have been in contact with anti-virus vendors about updating their software to stop the worm. As of Tuesday morning, Skype reported that F-Secure, Kaspersky Labs, and Symantec protect against the worm.
John McDonald, a Symantec researcher, warned users in a blog to beware of a particular Windows image -- the bitmap file Soap Bubbles.bmp. To mask the download, the worm displays the legitimate image if it is on the victim's machine. "So if you saw the image recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected," he added.
Maarten Van Horenbeeck, a handler with the Internet Storm Center, warned users in a blog that the malware contains code designed to turn off several security applications. It also impedes the downloading of updates.
Arak noted that there are two different ways to clean the worm off an infected computer.
"There are two ways to get rid of the worm: the normal way and the techhead way," he wrote. "Most users should NOT attempt to edit their computer's registry manually. For most people, downloading and/or updating their anti-virus software, and scanning their computer to detect and remove the worm, is the way to go."
He detailed the more technical way to get rid of the worm in his blog.