Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected


Summary: Researchers from M86 Security Labs are reporting on a currently active malware campaign, using for the first time a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October, 2009.


Researchers from M86 Security Labs are reporting on a recently detected malware campaign, using a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October, 2009.

The company is also emphasizing that, despite Skype's advice in its "release notes" recommending that users use antivirus protection in case of "any problems", the exploit is currently detected by 1 out of 41 signature-based antivirus scanners.

Meanwhile, a separate spamvertised malicious campaign is using a Skype-themed "Problem with your payment" message, with the campaign itself part of an aggressive spamming effort observed over the past few days.

More details on the campaigns:

Skype versions susceptible to exploitation through the EasyBits Extras Manager Unspecified Vulnerability:

  • Skype Technologies Skype 4.0.0.206
  • Skype Technologies Skype 4.0.0.215
  • Skype Technologies Skype 4.0.0.216
  • Skype Technologies Skype 4.0.0.224
  • Skype Technologies Skype 4.0.0.226
  • Skype Technologies Skype 4.0.0.227
  • Skype Technologies Skype 4.1.0.130
  • Skype Technologies Skype 4.1.0.136
  • Skype Technologies Skype 4.1.0.141
  • Skype Technologies Skype 4.1.0.166

In terms of scale, Bradley Anstis, VP of Technology for M86 Security said that, based on their data for the time being, the campaign doesn't appear to be a massive one: "The campaign is also an example of the issue of application patching (see related: Secunia: Average insecure program per PC rate remains high), and how for most users the vulnerability window is much larger than what is reported solely because they do not update to the latest versions as soon as they are available."

In fact, one of the most common security problems faced by some Skype users -- Google Search clustered it as well -- is their inability to update it directly using the "Check for updates" feature. This known behavior is leading to an unknown number of Skype users running outdated versions. That is, of course, only if we assume that the remaining users are actually running the latest version.

Users are advised to check whether they're running the latest version of Skype, and if not, download it from the official site.

The second malware campaign is not just directly impersonating Skype, but is also part of a series of spam emails serving client-side exploits, launched by the same attackers. Related themes they're currently using are "Reset your Facebook password", "Virus Notifications", "Twitter Password Resets", and "FIFA World Cup Scandals/Bad news", all of which contain malicious .html attachments.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

4 comments
  • RE: Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

    I love the fact that the first reply to this article is a spam email
    mike.globe
    • RE: Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

      That's true, there are many spammers, let me put my url: <a href="http://www.top10google.it">Posizionamento siti web</a>
      hotelsudtirol
  • skype virus

    There was also a report saying that you can also get a virus by using Skype and you can only get rid of it if you uninstall Skype. This is the same virus found in Yahoo Messenger.
    jplumbre
  • wow

    It's always the most popular ones that get targeted first. Kind of like with Windows -- there are dozens of viruses out there for Windows, but none (that I know of or have heard of) for Macs. Lessons? 1. Always stay alert. 2. If you don't know how to do that, go with something that's a little less popular so you don't have to worry about this type of thing.
    grace_10