Security Software Zone Security Software Zone
Home Contact Us
Search in
Forum SecurityToolbox Submit Software
Security Software Zone Login
Security Software Categories
News - Articles - Reviews
Free Newsletter
Join our mailing list and receive
security software news and
advice from our experts.
Submit
  Security Software Zone » Software Reviews » Virus Protection » Worm exploits a new form of social engineering via Skype

Worm exploits a new form of social engineering via Skype
Category: Virus Protection
Published: 03/26/2007, 12:14  
Editor: Remus Zoica
 
Print article
Send to a friend
Search in reviews

    The new worm is using the Skype network to spread. Two security companies have reported the new variant of the Warezov/Stration.  The malware uses the popular VoIP and instant messaging (IM) network to attempt to con its users into clicking on a weblink with the lure “Check up this”. The worm was dubbed ‘Skypezov’ by F-Secure three weeks ago, but it was noticed more recently by Websense in a new variant.

Websense offers a few details about the worm:

* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing Trojan Horse
* the file also appears to run another set of code that uses Skype to propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)

    Researchers and security analysts are confirming this worm is not targeting Skype, but is spreading through it by links, and downloads of an exe file named sp.exe. If the exe is ran, it will install a password sniffing Trojan that records and steals passwords. A separate set of code will also run which spreads this worm. In addition Websense reports, the SMTP Yahoo element of the latest version of the malware appears not to function correctly because the server is no longer working, but the program is still able to harness a user’s Skype contacts to attempt to spread itself to new victims. There is no vulnerability in Skype itself, the worm exploits a new form of social engineering. As with other instant messaging programs, the chances are users will be more trusting of messages that appear to come from known individuals, and click on the link.

Mikko Hypponen, F-Secure's chief research officer, wrote in a blog: "What's clear is there's no massive worm outbreak with Skype at the moment" and F-Secure will continue to monitor the situation

Symantec named it W32.Chatosky, samples were tested and confirmed to have originated in the APAC region, with Korea being the main country of origin. WebSense reports on their blog that the worm uses the NTKrnl Secure Suite packer, which is an encryption program that makes the files packaged look unique to detection engines.
Bookmark to:
Add 'Worm exploits a new form of social engineering via Skype' to Del.icio.us Add 'Worm exploits a new form of social engineering via Skype' to digg Add 'Worm exploits a new form of social engineering via Skype' to FURL Add 'Worm exploits a new form of social engineering via Skype' to reddit Add 'Worm exploits a new form of social engineering via Skype' to Technorati Add 'Worm exploits a new form of social engineering via Skype' to Yahoo My Web Add 'Worm exploits a new form of social engineering via Skype' to Stumble Upon Add 'Worm exploits a new form of social engineering via Skype' to Google Bookmarks Add 'Worm exploits a new form of social engineering via Skype' to RawSugar Add 'Worm exploits a new form of social engineering via Skype' to Squidoo Add 'Worm exploits a new form of social engineering via Skype' to Spurl Add 'Worm exploits a new form of social engineering via Skype' to Netvouz Add 'Worm exploits a new form of social engineering via Skype' to Rojo Add 'Worm exploits a new form of social engineering via Skype' to Bloglines Add 'Worm exploits a new form of social engineering via Skype' to Tailrank
Add comment
Security Software Zone is not responsible for the content of these User comments. The views and opinions expressed are those of the individual poster and not the Security Software Zone.
User comments (0):

There is no comment for this review.
 
Reviews related to Worm exploits a new form of social engineering via Skype
 

Finding The Right Antivirus Package
 Malicious code has evolved to a point where it is increasingly harder to keep them off one's computer.
Read More >
12/21/2006, 07:48
 

Network Protection with AVG Anti-Virus
 Providing resources and a safe haven for at-risk youth, Network Administrator for Community Youth Services in Olympia, Washington, Jeremy Kettel, manages sixty workstations and three servers for this nonprofit organization.
Read More >
05/22/2008, 12:49
 

How Computer Viruses work and How to Protect You.
 Many people are afraid of tinkering with their computers because of the fear that they might inadvertently introduce a computer virus into the computer system.
Read More >
12/14/2006, 11:04
 

New Trojan Undetected for More Than 50 Days!
 A Russian Trojan program named Gozi remained undetected for more than 50 days.
Read More >
03/27/2007, 18:14
 

Illinois Community College Network Protected with AVG Anti-Virus
 Managing a network of about 2,000 workstations, Mike Pace is Systems Technician at Rock Valley Community College in Rockford, Illinois.
Read More >
07/18/2008, 18:55

Sponsored


Copyright © 2007 Security Software Zone. All Rights Reserved. Forum Submit Software Site Map
Our websites: Titan Backup Software Invisible Secrets Encryption Software System LifeGuard Cleaner
AlphaZip Compression Tool SafeBit Disk Encryption Security Software Zone PC District