Skype 'Worm' Overrated, Says Websense - InformationWeek

12/19/2006
01:43 PM

Websense has reclassified the threat as a Trojan horse and says its impact is declining.

Malware spreading on the Skype VoIP network raised alarms Tuesday, with some reports claiming that a worm was on the loose. The threat, however, is actually low, a security analyst says.

Warnings late Monday and very early Tuesday claimed that a worm was propagating across Skype -- one of the most popular voice-over-IP applications -- and infecting systems with a password-stealing Trojan horse. Tuesday, for example, Symantec issued an alert to customers of its DeepSight threat management service that a worm it dubbed "Chatosky" was spreading in the Asia Pacific region, including South Korea.

"The code isn't a worm," says Dan Hubbard, VP of research at security vendor Websense. "It relies on the end user to acknowledge a binary through the API, which is normal behavior in Skype." In addition, the threat does not make copies of itself.

"It's not exploiting a vulnerability," adds Hubbard.

Websense was among the first to post an alert about a possible Skype worm. However, after talking with the Skype security team, which is based in Estonia, Hubbard says he had reclassified the threat as a Trojan horse. "A user with Skype will get a message to download a program from a URL included in a chat message," says Hubbard. "If they click on that, a program runs in the background, then injects itself into the Explorer process. It looks like the Trojan is designed to grab forms and passwords from the browser."

Another file -- the Skype binary that the user is prompted to accept -- accesses the VoIP application, then harvests any online Skype contacts and transmits those names to a remote server.

Although Skype is best known as a telephone-style service, it uses an instant messaging-like contact list for easier calling, and includes a chat function for text messaging. The Trojan, in fact, is applying the same attack techniques commonly used in instant messaging attacks.

The servers the attacker used to download malicious code to infected computers are now down, Hubbard confirms.

"The one thing that's unusual here is its use of a public API," says Hubbard. The two-part API allows Skype to connect to USB devices, such as VoIP phones, and lets third-party applications access some of Skype's functions, such as making a call.

"This is either spreading very slowly, and only regionally, or it's dead by now," Hubbard says.
