Update on Alleged Skype Worm
Here's an update on the alleged Skype Worm I mentioned yesterday from F-Secure. They're generally a voice of reason and good sense.
Skype WormWhat seems clear is that Skype users have been loosely targeted. Some users get a messge prompting them to click a link, which then downloads a malicious payload. Incidents remain very low.
We've received some queries about a Skype worm.
The situation is a bit confusing right now, but here's what we know:
- There is no massive outbreak going on
- There is something spreading on Skype, but only in limited numbers
- It is not exploiting a vulnerability in Skype but simply sending chat messages asking you to download and run the infected executable
- There are two different and separate malware samples being talked about relating to this case, confusing things further
- One of them is named "sp.exe". We received a sample of this yesterday and added detection. This one is connecting to nsdf.no-ip.biz in its attempt to download additional components
- The other one is described in here.
This one downloads additional components from marx2.altervista.org, and it's actually not new at all: we've detected it since beginning of October.
This clearly isn't a breach of Skype itself. There's no vulnerability that's being exploited. This is simply a social engineering attack using Skype to try inducing people to click the link and download.
Technorati Tags: Skype, infosce, social engineering, worm
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine