Thread: Skype Warning

Miscreants have again adapted the Warezov Trojan horse to target Skype users, Websense Security Labs warned on Thursday.

The attack is similar to threats that target instant-messaging applications. A targeted Skype user will receive a chat message with the text "Check up this" and a link to a malicious executable called "file_01.exe" on a Web site, Websense said in an alert. If the user runs the file, several other files are downloaded and run, it said.

Once infected, a computer will be at the beck and call of the attacker and the Trojan horse will start sending messages to the victim's Skype contacts to propagate, Websense said. The attack is similar to one reported in February, but it has been adapted with files hosted at different locations and a new version of the malicious code, the security company said.

Skype has acknowledged in the past that its instant-messaging feature could be used for nefarious purposes just like any other IM service. The company has said that it is looking at partnerships with security firms to offer a capability for the Skype client that filters out malicious links.

"Harmful viruses and Trojan horses may damage a user's computer and collect private data, regardless of whether a person is using Skype, e-mail or IM clients," Kurt Sauer, Skype chief security officer, said Friday. Skype warned users against opening the malicious file and said they should take caution in general when opening attachments. The company also recommends using antivirus software to check incoming files, Sauer said.

Warezov, also known as Stration, has been around since at least September. Several variants of the malicious code have appeared. Miscreants have spread it via spam e-mail, as well as Skype.

I am still amazed that some people run ANYTHING they get through IM, mail or an untrusted website.

People lock their doors at night and generally keep their credit card details safe, but when it comes to computers they all expect people to be nice to each other and sing kumbaya .

When it comes to computers and the internet I am a cynical bastard. It goes with the job I suspect. But it has kept me virus free for 9 years without having to take additional protective measures.

Yup - still amazes me that anyone opens anything that they don't know has been sent in good faith. If you dont recognise it, even if you recognise the person its come from, ignore it. If that person asks "did you see such and such that I sent you", then you know its legit. If not, you probably didn't miss much - some funny pictures of animals, or some nice sunsets probably.

Si