NEWS FROM THE LAB - Tuesday, December 19, 2006

Skype Worm

Posted by Mikko @ 11:58 GMT

We've received some queries about a Skype worm.

The situation is a bit confusing right now, but here's what we know:

  • There is no massive outbreak going on
  • There is something spreading on Skype, but only in limited numbers
  • It is not exploiting a vulnerability in Skype but simply sending chat messages asking you to download and run the infected executable
  • Two separate malware samples are being discussed in connection with this case, which confuses things further
  • One of them is named "sp.exe". We received a sample of this yesterday and added detection. This one connects to nsdf.no-ip.biz in an attempt to download additional components
  • The other one is described here. This one downloads additional components from marx2.altervista.org, and it's actually not new at all: we've detected it since the beginning of October