A new variant of the Warezov/Stration worm is using the Skype network to spread, two security companies have reported.
Dubbed ‘Skypezov’ by F-Secure three weeks ago, but noticed more recently by Websense in a new variant, the malware uses the popular VoIP and instant messaging (IM) network to attempt to con its users into clicking on a weblink with the lure “Check up this”.
Following the instruction causes any one of a small family of infected files to be installed which have number of purposes, including emailing the criminals using a connection to a Yahoo mail server to confirm infection, and opening backdoors on the PC.
Mercifully, Websense reports, the SMTP Yahoo element of the latest version of the malware appears not to function correctly because the server is no longer working, but the program is still able to harness a user’s Skype contacts to attempt to spread itself to new victims.
Although there is no vulnerability in Skype itself, the use of the software as a distribution channel exploits a new form of social engineering. As with other instant messaging programs, the chances are users will be more trusting of messages that appear to come from known individuals, and click on the link. As every, malware works in percentages, with even low click-through rates for this type of scam counting as a success.
The incidence of the original F-Secure-researched variant of Skypezov was stated by the company as only being two people, but it now looks as if the malware has continued to seek victims with new versions of itself, no doubt trying new payloads as well.
Malware that uses Skype as channel through which to spread is still rare, but has become more common recently. Only last December, http://www.techworld.com/security/news/index.cfm?newsid=7634another worm hit the network, with much the same design as Skypezov.
Previously, criminals had tried the more conventional route of trying to get users to install malware by http://www.techworld.com/security/news/index.cfm?newsid=4619sending emails masquerading as one of the not infrequent Skype updates.