Update: Worm circulating through Skype
VoIP service's IM joins Yahoo, Microsoft as attack target
Computerworld - Skype Ltd. warned its users today that a worm targeting Windows PCs is spreading through the service's instant messenger, making the Voice over IP (VoIP)'s chat software the latest to come under the hacker gun.
Dubbed Ramex.a by Skype spokesman Villu Arak -- but pegged Pykspa.d by Symantec Corp. -- the worm takes a typical instant messenger (IM) line of attack: After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL -- which poses as a JPG image but is actually a download to a file with the .scr extension -- wind up infected.
"The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link," said Arak in an alert on the Skype site.
Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try.
Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware -- a file named wndrivsd32.exe -- periodically, wrote an infected user on a Skype message forum today. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.
It may also modify the list of programs allowed to call up Skype, according to a moderator on Skype's Windows support forum. "You may additionally need to check your approved programs that work with Skype," said the user identified as TheUberOverlord. "If you see something that looks strange REMOVE it," he added. The list of approved programs can be found under Tools/Options/Privacy/Related Tasks in Skype 3.0.
As of early today, detailed information from anti-virus vendors was scanty. Symantec, for instance, while listing Pykspa.d as a new threat, said in its write-up only that it is investigating. Several security companies, however, including Symantec, F-Secure Corp. and Kaspersky Lab Inc., have already updated their signature definitions to detect and delete the new malware.
Skype is only the latest IM client to feel the heat from hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been struck this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts