Skype Users Slammed by New Virus
According to F-Secure, the new worm targeting Skype users creates several startup keys for itself in the Windows Registry and even modifies the Windows hosts file to block access to antivirus vendor sites. The new Skype worm also terminates processes belonging to antivirus software and copies itself to removable drives so it can replicate.
"Hey, where I put ur photo ;-) now u populr. oops sorry please dont look there. look what crazy photo Tiffany sent me, looks cool." Skype users were seeing variations of that innocent-seeming text message Monday and Tuesday, as a virus targeted the peer-to-peer telephony network.
Deemed Skipi.A by F-Secure and Pykspa.D by Symantec, the virus is a worm that disables antivirus software , installs password-sniffing software, and spreads by sending chat messages to other Skype users, inviting them to click on the links.
Antivirus companies F-Secure, Kaspersky Lab, and Symantec already have updated their software to catch and remove the worm, according to Skyp's Villu Arak. The virus only affects Windows computers.
Antivirus Software Updated
According to Arak, when users click on the link to a supposed image, a Windows dialog box pops up. If the user runs or saves the file, the machine will be infected with the worm. The worm uses Skype's application programming interface (API) to access the PC, Arak said.
According to F-Secure, the worm creates several startup keys for itself in the Windows Registry and modifies the Windows hosts file to block access to antivirus vendor sites. It also "terminates processes belonging to antivirus software," F-Secure said, and copies itself to removable hard drives.
Most users should update their antivirus software and scan for the worm, Arak said. Expert users can follow directions on the Skype blog or at the Symantec and F-Secure pages linked from the blog to manually delete the virus.
Attack Not Over
As of Tuesday morning, the worm attack was "not over," Phil Wolff, editor of the independent Web site Skype Journal, said via Skype chat. "I can't tell the scope but I'm still getting a handful of outputs in my inbox this morning."
This appears to be the first virus attack against Skype, Wolff said. "Contrast this to the many viruses and worms you've seen over the years with other carriers," he said. "In my mind, this is just confirmation that the Skype community has become large enough to warrant virus writers' time."
Skype would certainly be happy to sidestep this confirmation of its success, especially because a days-long outage is still fresh in users' minds. Will repeated virus attacks at the system remind users one too many times that Skype is not the phone company?
"I doubt Skype ever had that reputation," Wolff said. "Skype is Skype, with a fairly unique positioning in the marketplace. It's a more flexible communication tool than the phone, [and it] works over many kinds of Internet connections, but it is fundamentally a product of the desktop and the Internet, with all the usual problems that go with it."
The outage has not had a "direct impact on users or adoption," Wolff said. "I'm sure Skype is putting a few measures in place to identify growing outages faster, predict them through modeling and simulation, and deploy systems to speed recovery from interruptions."
