Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Stration variant spreading through Skype

Websense has discovered a new set of malicious code being distributed by the Stration worm through the Skype network.

The code sends infected PCs a message asking them to click on a hyperlink, which then redirects them to a malicious file downloader. That file then downloads malware.

The downloads contain versions of Stration, also known as Warezov, that open backdoors to systems for new malicious code, according to an alert released Thursday by Websense.

The trojan then sends the URL to all Skype contacts and attempts to connect to a Yahoo mail server, which is not operable, to send a SMTP message, according to Websense.

Dan Hubbard, vice president of security research at Websense, told SCMagazine.com today that enterprises should manage Skype the same way they would any other messaging application.

"It’s just another vector, it’s not really all that different from AOL Instant Messenger or MSN Messenger, it’s just a different platform. We have seen quite a few people on Skype message boards talking about it," he said. "Skype users are more tech savvy, so when you see quite a few people saying that they’ve got a message and then it started doing weird things to my machine, it’s noteworthy."

Late last month, F-Secure reported two users received links to a file infected with Stration.

At that time, Stration variants used instant messaging platforms to disperse, but not yet Skype, according to company weblog posts by Mikko Hypponen, F-Secure chief research officer.

Hypponen told SCMagazine.com today that the attacks have had limited success – partially because of Skype’s attention to security.

"We saw (attacks) for the first time two or three weeks ago, but they don’t seem to be working too well," he said. "Skype is harder to target than most others. Those guys are taking very security very seriously."

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.