Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected

The company is also emphasizing on the fact that despite Skype's advice in their "release notes" recommending that users should use antivirus protection in case of "any problems", the exploit is currently detected by 1 out of 41 signatures-based antivirus scanners.

Meanwhile, a separate spamvertised malicious campaign, is using Skype-themed "Problem with your payment" theme, with the campaign itself part of an aggressive spamming effort observed over the past few days.

More details on the campaigns:

Skype versions susceptible to exploitation through the EasyBits Extras Manager Unspecified Vulnerability:

Skype Technologies Skype 4.0.0.206 Skype Technologies Skype 4.0.0.215 Skype Technologies Skype 4.0.0.216 Skype Technologies Skype 4.0.0.224 Skype Technologies Skype 4.0.0.226 Skype Technologies Skype 4.0.0.227 Skype Technologies Skype 4.1.0.130 Skype Technologies Skype 4.1.0.136 Skype Technologies Skype 4.1.0.141 Skype Technologies Skype 4.1.0.166

In terms of scale, Bradley Anstis, VP of Technology for M86 Security said that, based on their data for the time being, the campaign doesn't appear to be a massive one: "The campaign is also an example of the issue of application patching (see related: Secunia: Average insecure program per PC rate remains high), and how for most users the vulnerability window is much larger than what is reported solely because they do not update to the latest versions as soon as they are available."

In fact, one of the most common problems -- Google Search clustered it as well -- faced by some Skype users from a security perspective, is their inability to directly update it using the "Check for updates" feature. This known behavior, is leading to an unknown number of Skype users running outdated versions of it. That's, of course, only if we assume that the remaining are actually running the latest version.

Users are advised to check whether they're running the latest version of Skype, and if not, download it from the official site.

The second malware campaign, is not just directly impersonating Skype, but is also part of series of spam emails serving client-side exploits, launched by the same malicious attackers. Related themes they're currently using are "Reset your Facebook password"; "Virus Notifications" "Twitter Password Resets", and "FIFA World Cup Scandals/Bad news", all of which contain malicious .html attachments.