There’s a new worm on the loose, which targets Skype’s VoIP application. This worm harvests email addresses and directs users to a range of Web sites that host other malicious software.
F-Secure has detected this Skype Worm as IM-Worm: W32/Pykse.A. The security company has said that the Pykse.A worm spreads via Skype instant messages, posing as a link to a photograph of a scantily clad young model called Sandra. Once a user clicks on the link, and views the image, the user’s PC is infected with a downloader Trojan which then installs the worm.
Once the Pykse.A worm is up and running, it then attemps to connect to a number of remote Web sites.
Another security company, Sophos has also detected this new Skype worm. According to Brett Myroff, CEO of master Sophos distributor, NetXactics, “This is another example of the methods used by malware authors to attempt to make money.”
“With an ever increasing wave of malicious attacks, companies need to ensure that they not only have secure defense in place, but are also enforcing policies to control what programs their users run and which web sites they visit,” he added.
F-Secure calls the worm “IM-Worm:W32/Pykse.A,” and Sophos named it “Mal/Pykse-A.”
The link also directs users to at least eight websites with information about Africa. It’s not clear what type of scam or harm those pages intend, but some of the sites have advertising on them, indicating that it might be a click-fraud scam, said Graham Cluley, senior technology consultant for Sophos.
Skype has been targeted by worms in the past, none of which have inflicted great damage, and this one may be no different. “I would think this thing isn’t likely to spread terribly far and wide,” Cluley said.
That’s partly because malware spread via IM does not generally infect as many people as malware spread through more conventional routes, such as email, Cluley said. Also, users can reply to a suspicious IM and ask the sender about the link, and the lack of a response can tip off the user that something is awry.
Some sophisticated IM malware can generate an automated response to trick the user into clicking on the link, but this one does not appear to have that capability, Cluley said. However, it does set Skype to “do not disturb” status, which blocks incoming calls and other notifications, and also prevents a user from responding to an IM, Cluley said.