
Trojan horse uses Skype to help spread itself

Written by David Berlind

Although it relies on a bit of social engineering (you have to be duped into running the code) and Skype itself is not its means of transmission (don't shoot the messenger!), users of Skype should be on the lookout for attempts to load some malicious code known as Warezov or Stration onto their computers (I could have said "worm its way in," but that would have been technically inaccurate). According to John Blau:

The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL (uniform resource locator) and a new version of the malicious code, according to an alert posted Thursday by Websense Inc... Websense warns Skype users to watch for the message "Check up this," with a URL containing a hyperlink... The code itself isn't self-propagating but when it runs, the URL is sent to everyone on the user's contact list.

I wonder if this is the type of drive-by malware that Vista wouldn't stop dead in its tracks. Instead of trying to install something (attempts at installing software appear to be what prompts Vista's UAC security dialogs that are designed to stop drive-by installations), it just runs some executable code (the file is called file_01.exe).

In my attempts to run a simple executable file (an EXE file) under a limited user account in Windows Vista, Vista offers no complaints and simply runs the file (I tried this by double-clicking on an EXE file stored on a USB key). This is one reason I've questioned the decision to exclude more robust outbound blocking from Vista's built-in firewall. There are ways for code -- code like this Trojan -- to inadvertently get executed on a PC. I can't be certain. But based on the description of what this code does, it calls out to the Internet for more code. It sounds like the sort of thing that a decent outbound blocking firewall would block.
