Trojan Targets Skype IM Users

The most popular service of Skype is allowing subscribers to make free of cost telephone calls over the Internet. There are more than 7 million subscribers of the company. Just a year ago, online auction firm eBay acquired it for $2.6 billion.

On December 19, 2006 security firm Websense detected a Trojan horse that aims at Skype IM users. This is the latest in a row of instant messaging attacks in 2006. The firm reported that a self-propagating worm called "sp.exe" plants the attack. Websense in co-operation with Skype and its parent company eBay conducted an investigation after which it issued an update stating it as a Trojan horse.

The Trojan infecting through the Skype API behaves according to the specifications of the API. The user running Skype does get an alert notification when a program attempts to access it, that the user must acknowledge. Websense wrote in a warning message that presently Skype doesn't have any uncovered vulnerability. The site hosting the Trojan is now down.

The user of a public API (Application Programming Interface) is a particularly unusual thing, says Dan Hubbard, vice president of research at Websense. Skype connects to USB devices such as VoIP phones by its two-part API. The mechanism enables 'third-party applications' to access Skype such as to make a telephone call.

According to Hubbard, the malware is either spreading slowly and only regionally, or it has disappeared by now.

In its security warning Websense describes the Trojan horse sending a message via the Skype Chat - text-based instant messenger - that instructs the recipient to download a file called sp.exe. A user who follows the instruction downloads Skype programming code through the virus along with the same virus' new versions that tries to steal passwords.

Websense said that the first appearance of the worm was in Asia however rival security-firm F-Secure called it an exaggeration. According to Mikko Hyponnen, chief research officer at F-Secure, there was no widespread outbreak of Skype worm at present. F-Secure is following the situation closely. The worm is found to have originated in the Asia Pacific region, mainly in Korea.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 12/26/2006