Security firm Websense has detected a worm that uses Skype to propagate. Though the number of people affected by this Skype worm is still unclear, Websense is still investigating the issue however it has released a few details as for now:
users receive messages via Skype Chat to download and run a file
the filename is called sp.exe
assuming the file is run it appears to drop and run a password stealing Trojan Horse
the file also appears to run another set of code that uses Skype to propagate the original file
the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
the file connects to a remote server for additional code
the original site has been black holed and is not serving the code anymore
the number of victims is still TBD
the original infections appear to be in APAC region (Korea in particular)
So you can avoid getting infected by this Skype worm by making sure you do not download sp.exe file while using Skype.
RSS |
Permanent Link
|
Del.icio.us
|
Cosmos
|
Digg
|
Slashdot
|
