Update: Worm circulating through Skype
VoIP service's IM joins Yahoo, Microsoft as attack target
Computerworld - Skype Ltd. warned its users today that a worm targeting Windows PCs is spreading through the service's instant messenger, making the Voice over IP (VoIP)'s chat software the latest to come under the hacker gun.
Dubbed Ramex.a by Skype spokesman Villu Arak -- but pegged Pykspa.d by Symantec Corp. -- the worm takes a typical instant messenger (IM) line of attack: After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL -- which poses as a JPG image but is actually a download to a file with the .scr extension -- wind up infected.
"The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link," said Arak in an alert on the Skype site.
Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try.
Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware -- a file named wndrivsd32.exe -- periodically, wrote an infected user on a Skype message forum today. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.
It may also modify the list of programs allowed to call up Skype, according to a moderator on Skype's Windows support forum. "You may additionally need to check your approved programs that work with Skype," said the user identified as TheUberOverlord. "If you see something that looks strange REMOVE it," he added. The list of approved programs can be found under Tools/Options/Privacy/Related Tasks in Skype 3.0.
As of early today, detailed information from anti-virus vendors was scanty. Symantec, for instance, while listing Pykspa.d as a new threat, said in its write-up only that it is investigating. Several security companies, however, including Symantec, F-Secure Corp. and Kaspersky Lab Inc., have already updated their signature definitions to detect and delete the new malware.
Skype is only the latest IM client to feel the heat from hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been struck this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts