
Zero Day

Ryan Naraine and Dancho Danchev

Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

June 16, 2010, 10:33am PDT

Summary: Researchers from M86 Security Labs are reporting on a currently active malware campaign that uses, for the first time, a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October 2009.

Researchers from M86 Security Labs are reporting on a recently detected malware campaign that uses a working exploit targeting the (fixed) EasyBits Extras Manager Unspecified Vulnerability, reported in October 2009.

The company also emphasizes that, despite Skype’s “release notes” recommending that users rely on antivirus protection in case of “any problems”, the exploit is currently detected by 1 out of 41 signature-based antivirus scanners.

Meanwhile, a separate spamvertised malicious campaign is using a Skype-themed “Problem with your payment” theme, and is part of an aggressive spamming effort observed over the past few days.

More details on the campaigns:

Skype versions susceptible to exploitation through the EasyBits Extras Manager Unspecified Vulnerability:

Skype Technologies Skype 4.0.0.206
Skype Technologies Skype 4.0.0.215
Skype Technologies Skype 4.0.0.216
Skype Technologies Skype 4.0.0.224
Skype Technologies Skype 4.0.0.226
Skype Technologies Skype 4.0.0.227
Skype Technologies Skype 4.1.0.130
Skype Technologies Skype 4.1.0.136
Skype Technologies Skype 4.1.0.141
Skype Technologies Skype 4.1.0.166

In terms of scale, Bradley Anstis, VP of Technology for M86 Security said that, based on their data for the time being, the campaign doesn’t appear to be a massive one: “The campaign is also an example of the issue of application patching (see related: Secunia: Average insecure program per PC rate remains high), and how for most users the vulnerability window is much larger than what is reported solely because they do not update to the latest versions as soon as they are available.”

In fact, one of the most common problems faced by some Skype users from a security perspective (Google Search clustered it as well) is their inability to update it directly using the “Check for updates” feature. This known behavior is leading to an unknown number of Skype users running outdated versions of it. That is, of course, only if we assume that the rest are actually running the latest version.

Users are advised to check whether they’re running the latest version of Skype, and if not, download it from the official site.

The second malware campaign is not just directly impersonating Skype, but is also part of a series of spam emails serving client-side exploits, launched by the same attackers. Related themes they’re currently using are “Reset your Facebook password”, “Virus Notifications”, “Twitter Password Resets”, and “FIFA World Cup Scandals/Bad news”, all of which contain malicious .html attachments.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
