
Skype Worm? or Not?

I've seen a few rippling reports of what may be the first Skype worm.

This from Jan in Malaysia, who watches Skype happenings with an eagle eye.

As predicted here is the first Skype worm on the loose...
My eagle eyes all over the world just reported this. I was waiting for stuff like this to happen and this is only the beginning of a probably very serious problem. I think the worst thing that could happen is that some worm is being created that will take down the widely spread p2p (super)nodes or something that will cause latency on the call. But anyways, that is just a thought. Here goes the current problem: « Skype Worm Breaks Out in APAC. By Stephen Withers. Tuesday, 19 December 2006. Symantec and Websense have warned Skype users of a new worm that spreads itself via Skype text messages.
Looks like Symantec is engaged and has dubbed this Chatosky. A number of entries on their web site here. Here's what I thought was the most pertinent entry:
W32.Chatosky
Risk Level 1: Very Low

Discovered: December 18, 2006
Updated: December 19, 2006 10:20:42 AM GMT
Type: Worm
Infection Length: 14,848 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Chatosky is a worm that spreads through Skype chat messages.

Protection
* Virus Definitions (LiveUpdate™ Daily) December 19, 2006
* Virus Definitions (LiveUpdate™ Weekly) December 20, 2006
* Virus Definitions (Intelligent Updater) December 19, 2006
* Virus Definitions (LiveUpdate™ Plus) December 19, 2006

Threat Assessment
Wild

* Wild Level: Low
* Number of Infections: 0 - 49
* Number of Sites: 0 - 2
* Geographical Distribution: Low
* Threat Containment: Easy
* Removal: Easy

Damage

* Damage Level: Low
* Payload: Spreads by sending a link to itself.

Distribution

* Distribution Level: Low

Writeup By: Masaki Suenaga

They're assessing the threat as low at this point, but given widespread Skype usage, that could change if this thing gets active.

Here's a clip from ComputerWorld Security -
Worm may be spreading via Skype chat
Thieving download up to no good, but does it target service?
December 19, 2006 (IDG News Service) -- Computer security analysts are studying reports of a worm that may be circulating via a feature in Skype Ltd.'s popular VoIP (voice over Internet protocol) service.

Security vendor Websense Inc. said the worm spreads through Skype's chat feature. Users receive a message asking them to download a file called "sp.exe." The executable is a Trojan horse that can steal passwords. If a user runs the Trojan it triggers another set of code to spread itself.

The first infected PCs appeared in the Asia-Pacific region, particularly in Korea, Websense reported on its blog on Tuesday. It said it was still investigating the issue.

Not all security experts were in agreement, however. F-Secure Corp. received a sample of the worm and determined that it did not, in fact, target Skype, said Mikko Hypponen, chief research officer. "What's clear is, there's no massive worm outbreak with Skype at the moment," Hypponen said. "We are following the situation."
I follow F-Secure closely and they're a trusted resource for me, so I'll be watching the developments myself. Whether this is or isn't a real Skype worm will soon be figured out. And if it isn't, that just means the use of Skype as an attack vector is still on the horizon. It's bound to happen.



Comments

I was just reading AdAware's latest news on their builds for "Codec" definitions last night. There are some 5000+ growing infectious malicious code in various codec forms. Hot topic now.


Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net
