Original URL: http://www.theregister.co.uk/2006/12/20/skype_trojan/
Hackers call on Skype to spread Trojan
Dial M for malware
Posted in Security, 20th December 2006 12:57 GMT
Malware authors are using Skype to help spread a pair of Trojan packages.
The malware does not exploit flaws in Skype as such, as a computer worm might do, but spreads by tricking users into agreeing to run hostile code, which poses as a "cool program" from one of their contacts.
F-Secure reports (http://www.f-secure.com/weblog/archives/archive-122006.html#00001054) that two different and separate malware samples are using Skype as an attack vector. One malware sample - called "sp.exe" - attempts to link to a site called nsdf.no-ip.biz to download additional malware components. The other sample of malware, first detected (http://www.f-secure.com/v-descs/skyperise.shtml) at the beginning of October, attempts to download components from marx2.altervista.org.
The websites used to download secondary malware samples have both been pulled since the attack was detected (http://www.websense.com/securitylabs/alerts/alert.php?AlertID=716) earlier this week.
Although the immediate threats posed by these Skype Trojan attacks is therefore minimal, the assault serves to illustrate the changing attack vectors (in this case a VoIP client) that hackers are turning to as an alternative to the well-known risks of malware in email or harboured on maliciously-constructed websites. ®