Trojan horse uses Skype to help spread itself

Although it relies on a bit of social engineering (you have to be duped into running the code) and Skype itself is not its means of transmission (don't shoot the messenger!), users of Skype should be on the lookout for attempts to load some malicious code known as Warezov or Stration onto their computers (I could have said "worm its way in," but that would have been technically inaccurate). According to John Blau:

The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL (uniform resource locator) and a new version of the malicious code, according to an alert posted Thursday by Websense Inc. ... Websense warns Skype users to watch for the message "Check up this," with a URL containing a hyperlink. ... The code itself isn't self-propagating but when it runs, the URL is sent to everyone on the user's contact list.

I wonder if this is the type of drive-by malware that Vista wouldn't stop dead in its tracks. Instead of trying to install something (attempts at installing software appear to be what prompts Vista's UAC security dialogs that are designed to stop drive-by installations), it just runs some executable code (the file is called file_01.exe).

In my attempts to run a simple executable file (an EXE file) under a limited user account in Windows Vista, Vista offers no complaints and simply runs the file (I tried this by double-clicking on an EXE file stored on a USB key). This is one reason I've questioned the decision to exclude more robust outbound blocking from Vista's built-in firewall. There are ways for code -- code like this Trojan -- to inadvertently get executed on a PC I can't be certain. But based on the description of what this code does, it calls out to the Internet for more code. It sounds like the sort of thing that a decent outbound blocking firewall would block.

Topics: Malware

About

David Berlind was formerly the executive editor of ZDNet. David holds a BBA in Computer Information Systems. Prior to becoming a tech journalist in 1991, David was an IT manager.
