Remember back in the good old days when viruses floated around on floppy discs? Or, more recently, when your biggest threat of having a worm take over your computer was using Microsoft’s Internet Explorer or Outlook email program, knowing that even if you dutifully downloaded the latest updates, you could never quite be sure you were safe? Well, malware writers have been expanding their horizons, and any software application with a large user base is sure to be a target. Case and point, VoIP application Skype and its more than 170 million users.
According to antivirus and security vendor F-Secure, a new worm is targeting the Skype application for Windows, harvesting the machine for email addresses and directing users to a range of Web sites hosting malware. Once the worm has set itself up on a machine, it sends a malicious link to users in the infected machine’s Skype contact list via instant messaging; that link leads to a Trojan application which can download additional malicious software while showing an image of a “lightly dressed” woman…presumably to distract users. The worm also points users to a selection of sites about Africa; Sophos’ Graham Cluley speculates the links may be an attempt at click fraud, using the compromised PCs to “generate advertising revenue for them by increasing their number of ‘hits’.” It also sets a user’s status to Do Not Disturb, block inbound calls and messages.
The new worm—dubbed “Pykse A”—is not the first worm to target the Skype application’s instant messaging capability, although none of the previous efforts have been widespread in comparison to other malware targeting the Windows platform. At first glance, the Pykse worm doesn’t appear to be on track for wide propagation, but the increasing advent of Skype worms raises security concerns, and points to the potential risk of using VoIP and instant messaging software to both organizations and individuals. “Our advice would be for companies to audit the software that their users are running,” said Cluley, “not only to prevent potential malware security issues—but also because of the other risks that unauthorized software can bring to company data and networks.”