Trojans and viruses

We’ve seen some instances where a chat message masquerading as a link to an image file instead leads to a piece of malware. The chat messages may look similar to this:

If you receive something like this through a Skype chat message, do not be alarmed. Instead, ignore it and block the sender. Do not click on the link or open the file that the link points to.

When executed, however, the Trojan downloader creates a Microsoft Studio Files folder in the Program Files directory, populating it with a copy of itself (lsass.exe) as well as a script file (vcdg.bat) that helps it bypass the Windows firewall. The program also changes the Windows registry to enable automatic execution upon Windows startup and to bypass the Windows firewall. Following these steps, the program downloads files into the infected system.

The Skype security team would like to remind users to keep their antivirus software updated and maintain a skeptical eye toward chat messages that don’t seem quite right and contain internet links, whether they appear to come from friends or total strangers.

Some users have received the following message through Skype chat:

www.alertscan.net/?q=update

If you receive something like this through a Skype chat message, do not be alarmed. Instead, ignore it and block the sender. This is chat spam aimed at scaring users into purchasing an alleged antivirus product.

The purported remote virus scan performed by the site behind the URL is also a fake: it is a harmless movie, not a real scan. The “results” of this fake scan are also false.

That said, if you receive a chat message from an unknown user and/or an internet link that you’re not sure of, please err on the side of caution and do not click on such links.

It has come to our attention that some Skype for Windows users have been affected by a piece of malware that masquerades as a chat message aimed at finding a lost girl.

Please do not follow any internet links you may receive in chat messages that resemble the following: “Please help me to find this Girl”.

Clicking on the link will lead you to download a worm that is currently best described here.

Currently, this piece of malware — a new strain of the Stration/Warezov worm — can be detected by the following antivirus software: AntiVir, ArcaVir, AVG Antivirus, BitDefender, F-Secure, Kaspersky, McAfee, Microsoft, Norman Virus Control, Panda Antivirus, Sophos Antivirus, TrendMicro, VBA32.

Some Windows users have been affected by a malware program that imitates Skype software and attempts to steal sensitive information. 65404-SkypeDefenderSetup.exe is classified as an Infostealer, that is, a Trojan horse program that attempts to steal sensitive information such as login credentials.

Continue reading "Skype Defender malware alert" »

You may have read in today’s media accounts about a Skype worm being “on the loose” on the Internet. I wanted to bring you up to date on this story and how the problem has been solved.

We learned yesterday (Tuesday, 19 December 2006) that there were reports floating in information security circles that there was a “Skype worm” in the wild. We contacted a number of sources, both in the infosec industry and within eBay, as well as some key security researchers, to learn more about the incident.

Continue reading "Reports of Skype worm" »

We saw in the news today that there’s a Skype-related trojan, reported by MessageLabs. We haven’t seen it in our own inboxes yet, but it’s certainly something to worry about. It was no doubt “inspired” by a newsletter we recently sent to our users who have opted in to receive e-mail, to inform them about the release of Skype for Windows 1.4. As Skype grows in popularity, so does the chance of having more malicious content that use Skype’s name for evil purposes.

Let’s reiterate (and if your colleagues and grandma are on Skype, please tell them too):

Skype never sends software updates by e-mail. We do send information about your orders if you bought something from us, and we send newsletters and survey invitations, if you opted in to receive Skype e-mail when you registered your Skype Name, but that’s it. So if you receive a software update e-mail from Skype, please delete it, and tell others to do the same.

Skype uses digital signatures to help users ensure that its software releases are valid. You can verify the authenticity of Skype software by confirming that its digital signature is valid. Instructions for checking the digital signature of Skype’s software are described in the Administrator’s Guide to Skype, which may be downloaded from skype.com/security/.