• SIP
Broadband & Mobile Featured Article
October 18, 2007
Password Stealing Trojan Targets Skype
By Raju Shanbhag TMCnet Contributing Editor
The attacks on VoIP
services are on the rise, and the latest target seems to be the popular eBay owned site, Skype (News - Alert). Posing as a security plug-in for and displaying a fake log-in screen stunningly identical to original one, a password-stealing Trojan is targeting Skype. Different companies have given it different names; while Skype calls it 65404-SkypeDefenderSetup.exe, McAfee's (News - Alert) Avert Labs identifies the Trojan by the name Trojan-Spy.Win32.Skyper.B.
But what the Trojan does is similar to what many of its predecessors have done before. The Trojan disguises itself as the “Skype Defender” and tries to steal Skype user names and passwords, along with all user names and passwords saved in Internet Explorer. The Trojan isn’t spreading all by itself. Instead, the owner of this Trojan is posting the exe file different chat rooms and forums and relying on unsuspecting users to execute it. When the user executes it, the Trojan disables running instances of Skype and swaps in its fake Skype log-in window.
But according to a report in PC Magazine, there is a way to identify the fake web site. In the fake web site, none of the hyperlinks work on the fake log-in screen. Also, the sign-in button of the phony log-in screen has a metallic gray border, whereas on Skype's legitimate log-in screen, the button has a red border.
This is not the first time Skype is targeted by Trojans. McAfee says that in the recent time, at least 12 Trojans have tried to target Skype. Recently, security firm Symantec had identified W32.Pykspa.D which was spreading malicious codes through instant messages in Skype for Windows. Messages were sent to other Skype users from the infected machines asking them to click on a seemingly harmless link. When the users clicked on the link, the infection spread to their PC as well.
Many security experts feel uneasy about the methods used by Skype and they feel it is impossible to know what malware it's dragging onto an enterprise network because of its encryption methodology.
Raju Shanbhag is a contributing editor for TMCnet. To see more of his articles, please visit his columnist page.
services are on the rise, and the latest target seems to be the popular eBay owned site, Skype (News - Alert). Posing as a security plug-in for and displaying a fake log-in screen stunningly identical to original one, a password-stealing Trojan is targeting Skype. Different companies have given it different names; while Skype calls it 65404-SkypeDefenderSetup.exe, McAfee's (News - Alert) Avert Labs identifies the Trojan by the name Trojan-Spy.Win32.Skyper.B.
But what the Trojan does is similar to what many of its predecessors have done before. The Trojan disguises itself as the “Skype Defender” and tries to steal Skype user names and passwords, along with all user names and passwords saved in Internet Explorer. The Trojan isn’t spreading all by itself. Instead, the owner of this Trojan is posting the exe file different chat rooms and forums and relying on unsuspecting users to execute it. When the user executes it, the Trojan disables running instances of Skype and swaps in its fake Skype log-in window.
But according to a report in PC Magazine, there is a way to identify the fake web site. In the fake web site, none of the hyperlinks work on the fake log-in screen. Also, the sign-in button of the phony log-in screen has a metallic gray border, whereas on Skype's legitimate log-in screen, the button has a red border.
This is not the first time Skype is targeted by Trojans. McAfee says that in the recent time, at least 12 Trojans have tried to target Skype. Recently, security firm Symantec had identified W32.Pykspa.D which was spreading malicious codes through instant messages in Skype for Windows. Messages were sent to other Skype users from the infected machines asking them to click on a seemingly harmless link. When the users clicked on the link, the infection spread to their PC as well.
Many security experts feel uneasy about the methods used by Skype and they feel it is impossible to know what malware it's dragging onto an enterprise network because of its encryption methodology.
Raju Shanbhag is a contributing editor for TMCnet. To see more of his articles, please visit his columnist page.
