Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

Summary: Researchers from M86 Security Labs are reporting on a currently active malware campaign that uses, for the first time, a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October 2009.

Researchers from M86 Security Labs are reporting on a recently detected malware campaign that uses a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October 2009.

The company also emphasizes that, despite Skype's advice in its "release notes" recommending that users use antivirus protection in case of "any problems", the exploit is currently detected by 1 out of 41 signature-based antivirus scanners.

Meanwhile, a separate spamvertised malicious campaign is using a Skype-themed "Problem with your payment" lure. The campaign is part of an aggressive spamming effort observed over the past few days.

More details on the campaigns:

Skype versions susceptible to exploitation through the EasyBits Extras Manager Unspecified Vulnerability:

Skype Technologies Skype 4.0.0.206
Skype Technologies Skype 4.0.0.215
Skype Technologies Skype 4.0.0.216
Skype Technologies Skype 4.0.0.224
Skype Technologies Skype 4.0.0.226
Skype Technologies Skype 4.0.0.227
Skype Technologies Skype 4.1.0.130
Skype Technologies Skype 4.1.0.136
Skype Technologies Skype 4.1.0.141
Skype Technologies Skype 4.1.0.166

In terms of scale, Bradley Anstis, VP of Technology for M86 Security said that, based on their data for the time being, the campaign doesn't appear to be a massive one: "The campaign is also an example of the issue of application patching (see related: Secunia: Average insecure program per PC rate remains high), and how for most users the vulnerability window is much larger than what is reported solely because they do not update to the latest versions as soon as they are available."

In fact, one of the most common security-related problems faced by some Skype users -- Google Search clustered it as well -- is their inability to update Skype directly using the "Check for updates" feature. This known behavior is leading to an unknown number of Skype users running outdated versions. That is, of course, only if we assume that the remaining users are actually running the latest version.

Users are advised to check whether they're running the latest version of Skype, and if not, download it from the official site.

The second malware campaign is not just directly impersonating Skype, but is also part of a series of spam emails serving client-side exploits, launched by the same malicious attackers. Related themes they're currently using are "Reset your Facebook password", "Virus Notifications", "Twitter Password Resets", and "FIFA World Cup Scandals/Bad news", all of which contain malicious .html attachments.

Topics: Malware, Collaboration, Security, Social Enterprise

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community.
