Skype worm no cause for panic, says expert

Security research firm Bkis earlier this month warned of a vicious virus targeting both Skype and Yahoo! Messenger. BKIS said in a blog post the attack involved inserting malicious URLs into chat windows with sophisticated social engineering hooks.

Also see Social Engineering: The Basics

Each time, the messages sent have different contents, noted Bkis researchers. Examples include "Does my new hair style look good? bad? perfect?" "My printer is about to be thrown through a window if this pic wont come our right. You see anything wrong with it?" The message contains a link to a web page that appears to lead to a JPEG or image file.

"The users are more easily tricked into clicking the link by these messages, because users tend to think that "their friend(s)" are asking for advice," Bkis said in its posting. "If a user clicks the link, his browser will immediately load to a website with Rapidshare-like interface, and a .zip file will be available for download."

The W32.Skyhoo.Worm, as it was named by Bkis, automatically exits if the victim's computer is not installed with Skype or Yahoo! Messenger and automatically sends messages with different contents containing malicious URLs to user names in the Skype/Yahoo! Messenger friend list of the user. Michael Gough, owner of the web site, and author of 'Skype Me! From Single User to Small Enterprise and Beyond ,' spoke to CSO earlier this year about Skype's benefits and challenges in the business environment (See Skype security: Is the popular VOIP service safe for business?).

Gough said while this virus is targeting Skype, it's really social engineering and awareness that need to be considered.

"If I can get you to install anything I own the system and the applications, it does not matter which app," said Gough. "The fact this is taking advantage of Skype is secondary or almost moot. Skype has APIs and functionality that allows this to be used. If Skype wants to change the code to prevent this from happening they may break or disable functionality they actually wanted to provide."

In other words, according to Gough, don't knock Skype for this attack. Instead focus on awareness among users if you are using Skype in the workplace and give them a warning about social engineering rather than worrying about the application's security.

"This is actually just another social engineering attack," Gough told CSO. "The user has to be fooled into downloading and installing a piece of malware. So really it is not attacking Skype, it is trying, in many cases successfully to fool a user to provide access and then use an application, in this case Skype to proliferate more social engineering."

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

Tags yahoo! messengerskypesecurityvirus

More about MessengerSkypeYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place