Skype Trojan Horse on the loose, but removal’s easy
Russel Shaw reports:
Yesterday Websense Security Labs reported that there was a potential Worm propagating via Skype (see: http://www.websense.com/securitylabs/blog/blog.php?BlogID=101). After investigation we have discovered that this is not a self propagating worm and is actually a Trojan Horse.
After discussions with the very helpful Skype security team, the behavior of this Trojan using the Skype API is as per the specifications of the API. The end-user who is running Skype does get notified that a program is attempting to access it and must acknowledge it.
*there is no vulnerability in Skype at this time that has been uncovered*
For more details on the Skype API see https://developer.skype.com/Docs/ApiDoc/Overview_of_the_Skype_API
At the time of this alert the websites that were used to download the Skype API code and the site that is used to download new copies of the Trojan were both down.
Websense says the original infections appear to be occuring in the Asia Pacific region, especially Korea.
According to Symantec, here's what happens when this piece o' crap launches executes:
1) Searches the registry for the location of the Skype application.
2) Displays the following message and then exits if it cannot find the registry: Error!I could not find Skype !
3) Executes the Skype application and displays the following message if it finds the registry:Warning!Allow this program in skype!
4) Queries Skype for random users every 3 minutes.
5) Starts the Skype application and sends the following message to the users:Check this! [http://]marx2.altervista.org/surpr[REMOVED]
All that said, this appears to be some pretty weak malware. Symantec says so.
Removal via Symantec's daily virus definition update fixes this…
Hey There. I found your blog using msn. This is a very well written article.
ReplyDeleteI will be sure to bookmark it and return to read more of your useful information. Thanks for the post.
I'll definitely return.
Tһank you for tһe gߋod writeup. It in fact was a amusement account it.
ReplyDeleteLook ɑԁvɑnced to more added agreeable from yoᥙ!
By the way, how can we communicate?
Thank you!
DeleteYou can contact me with the contact form in the right side bar. But please note that I do NOT blog about Skype any more!
Helen
Thank you!!
ReplyDeleteHelen
I am forever thought about this, appreciate it for posting.
ReplyDeleteVery interesting info!Perfect just what I was searching for!
ReplyDeleteHello, There's no doubt that your site might be having internet browser compatibility problems.
ReplyDeleteWhen I take a look at your web site in Safari, it looks fine however, when opening in I.E., it has some overlapping issues.
I merely wanted to provide you with a quick heads up! Aside from that, fantastic website!
Some truly marvellous work on behalf of the owner of this site, utterly great subject material.
ReplyDeleteThanks for sharing your thoughts about online alarm
ReplyDeleteclock ms. Regards
I loved aѕ mᥙch as you wilⅼ receive caгried out
ReplyDeleteright here. The sketch is attractive, уour authored subject matter stylіsh.
nonetheless, you command get got an impatience over that yoᥙ wish be delivering the following.
unwell unquestionaƄly come more formеrly agɑin since exaϲtly the same neɑrly very often inside case you shield this hike.
Keep up the excellent piece of work, I read few content on this web site and I believe that your web site is real interesting and has bands of great info.
ReplyDeleteThank you very much for your appreciated reply! :-)
DeleteI usually do not leave a leave a response, but after reading
ReplyDeletea lot of responses on this page Untitled. I actually do have 2 questions for you if you tend not to mind.
Is it simply me or does it seem like some of the responses look
like they are written by brain dead people? :-P And, if you
are posting on other places, I'd like to follow you.
Would you post a list of the complete urls of your public sites like your twitter feed, Facebook page
or linkedin profile?
Thank you for your comment :-)
DeleteI post indeed in other places but not about Skype.
All the other sites (Facebook, Twitter etc) are listed in the header of this Blog! I hope this helps.
Helen.
Hello, i think that i saw you visited my website so i
ReplyDeletegot here to return the desire?.I am attempting to find
things to improve my site!I suppose its ok to use a few of your
ideas!!
Dear Anonymous, I might have visited your site clicking the Stats but since you post as Anonymous, I don't know which site is yours ;-)
DeleteFeel free to use ideas, that is a huge compliment. As long as you do not use my name, stories or the photo's: all licensed!! You may post a link to my Blog of course.
Wishing you success!
Helen
Yes! Finally something about loss product
ReplyDeletechoices.
Real clean web site, regards for this post.
ReplyDeleteFirst of all I want to say awesome blog! I had a quick
ReplyDeletequestion which I'd likee to ask if you don't mind. I waas interested to find out how yoou center
yourself aand clear your mind before writing. I've hadd a hard time clering my mind in getting my ideas out there.
I do take pleasure iin writing but it just seems like the first 10 to 15 minutes are generally wasted simply just trying to figure out how
to begin. Any suggestions or tips? Cheers!
Dear Anonymous,
DeleteThank you for your kind words!
Of course I don't mind questions and I hope I can help.
Lovely to know you also take a pleasure in writing.
I think it will differ per person or even per story how to begin. With short stories I usually have the end in my head, write it down and work from there. But sometimes it is the middle part The title is often the last part I think of.
The best is to sit down, write what you want and work from there. And sometimes the story goes a totally different direction than I had planned and I accept that, I let it tell its own story. An Example is 'Last Performance'.
Try to live the emotions of your personage without becoming it :-)
Hope this helps. Good luck and I would love to hear how your writing is going.
Helen
Yeah bookmaking this wasn't a speculative determination outstanding post!
ReplyDeleteVery nice article, totally what I needed.
ReplyDeleteHi there, I desire to subscribe for this weeb site to obtain hottet updates, therefore whede can i do iit please help.
ReplyDeleteWhhat i don't understood iss in reality how you are
ReplyDeletenow noot actually a lot more well-appreciated than yyou may be now.
You are very intelligent. You understawnd theresfore significantly with regards
to thhis matter, made me in my view believe iit from a lot of various angles.
Its like men and women aren't interested until itt is
one thing to accomplish with Girl gaga! Your personal stuffs nice.
Always handle it up!