Worm tries to spread via Skype
Websense has reported on a new worm that tries to spread via Skype. But to do so, the contaminant does not use any security holes in the Internet telephony software, but rather tries to get users to download and launch a file. The potential victim first receives a message via Skype Chat. There are no exact figures about how common this worm has become. It probably originated in Asia.
Websense has reported that a trojan on infected systems steals passwords. In addition, the worm begins to offer its original file via Skype. This worm, which has not yet been named, is not one you find every day. According to the first analyses, it has anti-debugging routines and is equipped with a special packer called NTKrnl Secure Suite that makes it as hard as possible for virus scanners to detect contaminants in files. The suite also uses polymorphism and encrypts the program. As Skype encrypts data traffic between clients, it is at least not possible for virus filters to look into the data transported at the Internet gateway. Skype was already the nightmare of many network admins because it can drill holes into firewalls. The background article "How Skype & Co. get round firewalls" at heise Security describes the clever tricks that Skype uses to do this.
In addition, the trojan connects to a server to download additional code. The download server is no longer reachable, though that will not necessarily stop the worm from spreading.
- Potential Skype worm propagating., Websense's report