Worm circulating through Skype

VoIP service's IM joins Yahoo, Microsoft as attack target

Skype warned its users Monday that a worm targeting Windows PCs is spreading through the service's instant messenger, making the Voice over IP (VOIP)'s chat software the latest to come under the hacker gun.

Dubbed Ramex.a by Skype spokesman Villu Arak -- but pegged Pykspa.d by Symantec -- the worm takes a typical instant messenger (IM) line of attack: After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL -- which poses as a JPG image but is actually a download to a file with the .scr extension -- wind up infected.

"The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link," said Arak in an alert on the Skype site.

Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try.

Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware -- a file named wndrivsd32.exe -- periodically, wrote an infected user on a Skype message forum today. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.

It may also modify the list of programs allowed to call up Skype, according to a moderator on Skype's Windows support forum. "You may additionally need to check your approved programs that work with Skype," said the user identified as TheUberOverlord. "If you see something that looks strange REMOVE it," he added. The list of approved programs can be found under Tools/Options/Privacy/Related Tasks in Skype 3.0.

As of early Monday, detailed information from anti-virus vendors was scanty. Symantec, for instance, while listing Pykspa.d as a new threat, said in its write-up only that it is investigating. Several security companies, however, including Symantec, F-Secure and Kaspersky Lab, have already updated their signature definitions to detect and delete the new malware.

Skype is only the latest IM client to feel the heat from hackers. Both Yahoo Messenger and Microsoft's MSN/Live Messenger have been struck this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for Tuesday, presumably to quash a webcam bug that was disclosed late last month.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?