Tuesday, January 22, 2013

Skype Attracting More Malware

As with any service, the bigger you are, the better a target you are. As Skype's messaging platform continues to draw more and more users, that is becoming ever more apparent: Skype is becoming an attractive target for malware writers.

More and more reports are surfacing about malware that is specifically engineered to target Skype's services and users. The latest came last week, with reports of the Shylock financial malware spreading on Skype, and yesterday two worms, dubbed Bublik and Phorpiex, were discovered spreading through Skype in Japan.

Bublik is a backdoor with rootkit functionality. It opens a direct connection between an infected computer and a control server and downloads additional plug-ins. In this case, Trend Micro discovered the Kepsy worm, which helps Bublik spread over Skype and also clears Skype message history. Bublik can also enable remote access for an attacker, giving them total control over the infected machine. It also gathers and reports application data, system and network information, hardware specs and running processes.

The Phorpiex worm targets removable drives and spreads via Skype messages with links to sites hosting the worm. On Skype, the threat is distributed via messages that read “LOL,” followed by a link to what appears to be an image file. The Skype messages are actually generated by a plugin called WORM_PESKY.A. Trend Micro said Phorpiex connects to an IRC server and joins a particular IRC channel in order to execute commands from the attacker. It also downloads other malware onto the compromised system and sends itself out in email attachments. The worm will delete itself after it executes.

So far, Phorpiex has mainly targeted users in Japan, with roughly 83% of all reported infections found there.
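For defenders reviewing chat logs, the lure described above (a word like "LOL" followed by a link that appears to be an image file) can be turned into a simple triage rule. The following is an added example, not code from Trend Micro or from the original post; the thresholds, the log tuple format and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
MAX_LURE_WORDS = 3   # assumption: the lure text is a word or two, like "LOL"
MIN_RECIPIENTS = 3   # assumption: a worm repeats the same message to many contacts

def looks_like_image(url):
    """True if the link presents itself as an image (in its path or a query value)."""
    parsed = urlparse(url)
    names = [parsed.path] + [v for vs in parse_qs(parsed.query).values() for v in vs]
    return any(n.lower().endswith(IMAGE_EXT) for n in names)

def lure_key(text):
    """Return (lure, url) for short text plus exactly one image-looking link, else None."""
    urls = URL_RE.findall(text)
    if len(urls) != 1:
        return None
    lure = URL_RE.sub("", text).strip()
    if len(lure.split()) > MAX_LURE_WORDS or not looks_like_image(urls[0]):
        return None
    return (lure.lower(), urls[0])

def flag_senders(messages):
    """messages: iterable of (sender, recipient, text). Return {sender: (lure, url)}."""
    seen = defaultdict(set)
    for sender, recipient, text in messages:
        key = lure_key(text)
        if key:
            seen[(sender, key)].add(recipient)
    # One "LOL + picture" message is normal chat; the same one sent to many is not.
    return {s: k for (s, k), rcpts in seen.items() if len(rcpts) >= MIN_RECIPIENTS}

# Constructed sample log (not real traffic); hosts use the reserved .test TLD.
SAMPLE = [
    ("alice", "bob",   "LOL http://files.example.test/view.php?img=IMG_0412.jpg"),
    ("alice", "carol", "LOL http://files.example.test/view.php?img=IMG_0412.jpg"),
    ("alice", "dave",  "lol http://files.example.test/view.php?img=IMG_0412.jpg"),
    ("bob",   "alice", "LOL http://photos.example.test/cat.png"),
    ("carol", "dave",  "Here are the meeting notes from today http://wiki.example.test/notes"),
]

if __name__ == "__main__":
    for sender, (lure, url) in flag_senders(SAMPLE).items():
        print(f"review {sender}: repeated lure {lure!r} -> {url}")
```

Requiring several distinct recipients keeps a single friendly image link from being flagged, at the cost of missing the first message or two from a newly infected account.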

With the widespread use and availability of the Skype in the Workplace beta, more users joining the service, and Microsoft recommending that Windows Messenger users move to Skype on March 15 when its platform disappears, these threats are likely to continue and likely to become even more sophisticated. Users need to remain vigilant when clicking links, as most of these infections spread through infected sites that are linked in messages.
