Update: Worm circulating through Skype
VoIP service's IM joins Yahoo, Microsoft as attack target
Computerworld - Skype Ltd. warned its users today that a worm targeting Windows PCs is spreading through the service's instant messenger, making the Voice over IP (VoIP)'s chat software the latest to come under the hacker gun.
Dubbed Ramex.a by Skype spokesman Villu Arak -- but pegged Pykspa.d by Symantec Corp. -- the worm takes a typical instant messenger (IM) line of attack: After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL -- which poses as a JPG image but is actually a download to a file with the .scr extension -- wind up infected.
"The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link," said Arak in an alert on the Skype site.
Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try.
Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware -- a file named wndrivsd32.exe -- periodically, wrote an infected user on a Skype message forum today. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.
It may also modify the list of programs allowed to call up Skype, according to a moderator on Skype's Windows support forum. "You may additionally need to check your approved programs that work with Skype," said the user identified as TheUberOverlord. "If you see something that looks strange REMOVE it," he added. The list of approved programs can be found under Tools/Options/Privacy/Related Tasks in Skype 3.0.
As of early today, detailed information from anti-virus vendors was scanty. Symantec, for instance, while listing Pykspa.d as a new threat, said in its write-up only that it is investigating. Several security companies, however, including Symantec, F-Secure Corp. and Kaspersky Lab Inc., have already updated their signature definitions to detect and delete the new malware.
Skype is only the latest IM client to feel the heat from hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been struck this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!