Warning To Skype Users: Beware Of New Worm - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Warning To Skype Users: Beware Of New Worm

The worm takes advantage of Skype's chat function to send a message with a link that takes unwary users to a malicious jpg file.

A worm that is targeting Skype users is quickly spreading around the globe, security researchers warn.

The worm, which different vendors identify as Ramex, Skipi or Pykspa, uses Skype's chat function to send users a short message that contains a link to a jpg file, according to a warning from the Internet Storm Center.

Skype warned users in a blog entry that by clicking on the link, the Windows Run/Save dialog box will pop up, asking for permission to save or run a .scr file. This is the virus file and should not be downloaded or run.

"The new week has started with a bang. And not the kind of bang we like," wrote spokesman Villu Arak on Skype's Heartbeat blog. "Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link."

Skype is a free peer-to-peer Internet telephony network. The service is designed to enable users to make and receive phone calls over their computer.

This past March, Skype users were hit with a similar problem. A Trojan used an infected machine to reach out and infect user's friends and colleagues. At the time, Websense issued an alert warning that the malicious code, known as both Warezov and Stration, was spreading through the Skype network again. An earlier version initially attacked late in February.

Arak noted that for this current attack, Skype's researchers have been in contact with anti-virus vendors about updating their software to stop the worm. As of Tuesday morning, Skype reported that F-Secure, Kaspersky Labs, and Symantec protect against the worm.

John McDonald, a Symantec researcher, warned users in a blog to beware of a particular Windows image -- the bitmap file Soap Bubbles.bmp. To mask the download, the worm displays the legitimate image if it's in the victim's machine. "So if you saw the image recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected," he added.

Maarten Van Horenbeeck, a handler with the Internet Storm Center, warned users in a blog that the malware contains code designed to turn off several security applications. It also impedes the downloading of updates.

Arak noted that there are two different ways to clean the worm off an infected computer.

"There are two ways to get rid of the worm: the normal way and the techhead way," he wrote. "Most users should NOT attempt to edit their computer's registry manually. For most people, downloading and/or updating their anti-virus software, and scanning their computer to detect and remove the worm, is the way to go."

He detailed the more technical way to get rid of the worm in his blog.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll