Another file -- the Skype binary that the user is prompted to accept -- accesses the VoIP application, then harvests any online Skype contacts and transmits those names to a remote server.
Although Skype is best known as a telephone-style service, it uses an instant messaging-like contact list for easier calling, and includes a chat function for text messaging. The Trojan, in fact, is applying the same attack techniques commonly used in instant messaging attacks.
The servers the attacker used to download malicious code to infected computers are now down, Hubbard confirms.
"The one thing that's unusual here is its use of a public API," says Hubbard. The two-part API allows Skype to connect to USB devices, such as VoIP phones, and lets third-party applications access some of Skype's functions, such as making a call.
"This is either spreading very slowly, and only regionally, or it's dead by now," Hubbard says.