Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Skype trojan mistaken for worm appears harmless

Reports on Tuesday that a worm was propagating through Skype appear to be a false alarm, security researchers said today.

"After investigation, we have discovered that this is not a self-propagating worm and is actually a trojan horse," Websense Security Labs said in an alert today.

Reports were mixing up an old worm that apparently is no longer spreading and the new trojan, which also appears harmless, according to a CA blog post by senior researcher Hamish O'Dea.

The keylogging trojan, named Win32/Skiks.A, is spammed through Skype instant messenger in the form of a file called "sp.exe" and tries to lure users to a rogue website, O'Dea said. If activated, the malware tries to pilfer credit card numbers, login information and other sensitive data.

But Skype users should avoid any problems, said company CSO Kurt Sauer.

"A Skype user who receives a message from the trojan will see a link to a webpage," Sauer said in an email statement to "If the link is followed, the user must then download a copy of the trojan, and then manually run that program.  Because the website hosting the malware has been shut down already, the threat from this program appears to have ended."

"Skype has not uncovered any vulnerability in the Skype software, and the spread of this particular software appears to have slowed to a halt," Sauer added.

Meanwhile, the worm is nothing new, O'Dea said. In fact, CA received samples in October.

"We have had no indication that this worm was ever widespread," he said, "and right now, the URL it sends is not available, which makes it pretty harmless."

Click here to email reporter Dan Kaplan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.