NETWORKING

  • 12/19/2006
    6:43 PM
  • Network Computing
  • News
  • Connect Directly
  • Rating: 
    0 votes
    +
    Vote up!
    -
    Vote down!

Skype 'Worm' Overrated, Says Websense

Websense has reclassified the threat as a Trojan horse and says its impact is declining.
Malware spreading on the Skype VoIP network raised alarms Tuesday, with some reports claiming that a worm was on the loose. The threat, however, is actually low, a security analyst says.

Warnings late Monday and very early Tuesday claimed that a worm was propagating across Skype -- one of the most popular voice-over-IP applications -- and infecting systems with a password-stealing Trojan horse. Tuesday, for example, Symantec issued an alert to customers of its DeepSight threat management service that a worm it dubbed "Chatosky" was spreading in the Asia Pacific region, including South Korea.

"The code isn't a worm," says Dan Hubbard, VP of research at security vendor Websense. "It relies on the end user to acknowledge a binary through the API, which is normal behavior in Skype." In addition, the threat does not make copies of itself.

"It's not exploiting a vulnerability," adds Hubbard.

Websense was among the first to post an alert about a possible Skype worm. However, after talking with the Skype security team, which is based in Estonia, Hubbard says he had reclassified the threat as a Trojan horse. "A user with Skype will get a message to download a program from a URL included in a chat message," says Hubbard. "If they click on that, a program runs in the background, then injects itself into the Explorer process. It looks like the Trojan is designed to grab forms and passwords from the browser."


Log in or Register to post comments