Zone-H.org - A worm slithering along Skype

A worm slithering along Skype

Thursday, 21 December 2006

A worm is apparently targeting Skype, Websense reported on Tuesday. The worm that firstly infected PCs in the Asia-pacific, and especially in Korea, is still under study because not all the security experts are in agreement about its origin and its nature.

Websense report says that the worm spreads through Skype's chat feature. Specifically, users receive a message asking them to download a file called "sp.exe." The executable is a Trojan horse that can steal passwords. If a user runs the Trojan it launches another set of code to spread itself.

On Websense blog it is declared that the issue is still under investigation but a few characteristics of the worm are reported:

“* the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)”

According to Websense, the executable appears to be encrypted with NTKrnl Secure Suite Packer, a polymorphic encryption program that makes files look unique to different detection engines. The original site that hosted the code is not serving it any more, Websense said. The study on this worm, anyway, is still in progress and the world of security is split about how to define it.

For instance, according to Mikko Hypponen, chief research officer at F-Secure, the worm isn’t targeting Skype at all. This statement was released on the basis of a study by F-Secure on a sample of the worm.

"What's clear is that there's no massive worm outbreak with Skype at the moment," Hypponen said. "We are following the situation."

On the other hand, the SANS Internet Storm Center said that they knew about “a new worm spreading via Skype " and are looking for more information.

Further details about the worm will be released as soon as tests and studies will be carried out .

Comments Index (Total Messages: 2)

Lmmfao Written by Guest on 2006-12-21 21:22:41

Beatifull Suudi Hacker Written by Guest on 2006-12-23 23:41:05

Powered by a Zone-H(ified) version of AkoComment 3.0!

DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.

< Prev		Next >

[ Back ]