Skype Logo Take a deep breath™.
Buy Skype Credit · Help ·
  • Download
  • Use Skype
  • Business
  • Shop
  • Account
Kurt

Reports of Skype worm

By My status Kurt on December 20, 2006 in Trojans and viruses.

You may have read in today's media accounts about a Skype worm being "on the loose" on the Internet. I wanted to bring you up to date on this story and how the problem has been solved.

We learned yesterday (Tuesday, 19 December 2006) that there were reports floating in information security circles that there was a "Skype worm" in the wild. We contacted a number of sources, both in the infosec industry and within eBay, as well as some key security researchers, to learn more about the incident.

By late on 19 December, we had obtained a copy of one of the two variants of the worm, and we learned that the attack was:

* not a worm; and
* made very minimal use of Skype

In particular, the program was a Trojan Horse that spreads over the web. Although it uses Skype to propagate itself, it makes legal use of our APIs to simply send a web link (URL) to another user -- that is the full extent of the use of Skype.

As of 20 December, the sites distributing the malware had been taken off the net, thereby effectively stopping further spread of the malware.

There are a number of news reports about this event on the web, such as:

* [vnunet.com](http://www.vnunet.com/vnunet/news/2171323/experts-downgrade-skype-worm)
* [websense.com](http://www.websense.com/securitylabs/alerts/alert.php?AlertID=716)

Of course, as is the case with every incident, we will be doing a post-mortem to see how we can prevent such events in the future.

View blog reactions

Comments

Hello,
I couldn't find a virus report area on Skype therefore I am addressing you for advice.

I suspect my computer has a virus that is using Skype. I came to this conclusion after doing several tests. What happens is this: when I start-up, my systems starts using the internet. My computer runs on a home network and we use another computer to access the internet via a dial-up connection. I can see ZoneAlarm flashing as well as the network indicators but I never found which was the application that was using the net. So I decided to stop each application and watch the results. When I close Skype, these communications stopped. I then downloaded the "Ethereal Network Protocol Analyzer" and found that Skype was actively connecting to the following addresses and ports:

71.99.104.42 from port 4227 to port 4302
24.59.44.225 from port 4220 to port 43407
206.75.128.112 from port 4222 to 43437
126.164.79.192 from port 4225 to 63124

There are several other addresses that I can send to you if you think it worthwile.

Please inform if this is a legitimate Skype information exchange or if, as I suspect, it can be caused by a virus.

In any case, I have run the most recent AVG anti-virus test and nothing was discovered.

Please help me out with this for my computer is behaving erratically and my access to the internet is very compromised.

petr_svacina | Saturday, Mar 31

Hi all,

Before few days I find great text related to this thema at:

Security CENTRAL Forum

http://www.SCForum.info

samirglusac | Tuesday, Jul 3

yeah ive noticed as well that skype when i start skype up it conects to almost 15 ips?? why is this, then after a while only 2 are left, then when i start making a call ips appear again and disappear?

is this a normal process? does skype need to connect to this many ips? I also have auto update disabled and skype tips etc, all it should do is connect to a skype server i asume? maybe i am wrong and when i make a call all it should do is connect to the other person right?

and only sometimes ive noticed that contacts cant see me online, but when we ring each other we can see each other suddenly, asume this is to do with connectiviy or lag issues?

anyway some help or why this is happening be great,

Ta for the great progam you have created though, i use it almost everyday to chat with family overseas and mates here in australia, im dutch and this program brought my family a little bit closer to me, msn etc is to laggy and you cant do a proper video chat either, with skype it is as if im on the phone talking to them and the video is pretty fast.

anyway thanks for all the support and keep up the good work!

mr.eba | Tuesday, Jul 17

Comment on this post

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Skype Blogs
  • Share Skype Blog
  • About Skype
  • Heartbeat
  • Developer Zone
  • Business
  • Jobs
  • Skype Prime
  • Skype Gear
  • Security
  • Garage
  • Mac
  • Linux
  • Eesti keeles
  • Töökuulutuste leht
  • 日本語
  • Česky
  • Deutsch
  • Français
  • Italiano
  • Brasil
  • United Kingdom
  • Svenska
  • Polski
  • United States

Recent posts

  • Skype misidentified as malware
  • Trojan downloader alert
  • Skype cross-zone scripting vulnerability now fixed
  • (Resolved) Skype Cross Zone Scripting Vulnerability
  • Vulnerability in Skype for Windows versions older than 3.6.x.216
  • Password stealer
  • Fake malware alert
  • Skype for Mac on Leopard
  • Updated: Malware alert
  • Skype Defender malware alert

Archives

  • April 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • February 2007
  • January 2007
  • December 2006
  • May 2006
  • March 2006
  • February 2006
  • October 2005
  • May 2005

Subscribe to this blog
What? Tell me more…

using RSS Subscribe
via Bloglines Subscribe in Bloglines
using Newsgator Subscribe in NewsGator Online
with MyYahoo
with Google Add to Google
with MyAOL Add to My AOL
with netvibes Add to Netvibes
About us · Partners · Jobs · Prices · Security
Privacy policy · Legal · © 2008 Skype Limited