Incident Response, Malware, Network Security, Patch/Configuration Management, TDR, Vulnerability Management

Skype users land in anti-malware net

Some users of Skype, the popular software application that enables users to make free phone calls over the internet to other Skype users, found their communication channel blocked earlier this week.

Villu Arak, posting to a Skype blog, wrote that security researchers at the Microsoft Malware Protection Center mistakenly labeled some version of Skype as malware. This triggered various Microsoft anti-malware products, such as Windows Live OneCare, to block transmissions and to notify Skype users of malware.

Bill Sisk, security response communications manager at Microsoft, told SCMagazineUS.com today that Microsoft is aware of the signature update released last Friday that incorrectly detected Skype as malware, specifically Trojan:Win32/Vundo.gen!D.

"The application is detected in memory and blocked from executing," he said. "There is no need to re-install Skype as files are not quarantined, moved or deleted."

Once notified about the issue, Microsoft immediately mobilized to investigate the situation and updated its signature files to resolve this problem for customers, Sisk added.

"Version 1.31.9121.0 of the signature file and higher includes the fix for the issue. Customers can download the latest signature files here. Once the signatures are updated on the user's machine, Skype will operate normally," he said.

Sisk said that Microsoft products affected include: Microsoft Forefront Client Security, Windows Live OneCare and Windows Live OneCare Safety Scanner. Microsoft products not impacted include: Windows Defender, Microsoft Forefront Security for Exchange Server, Microsoft Antigen, Microsoft Forefront for SharePoint, Malicious Software Removal Tool.

The Trojan:Win32/Vundo.gen!D belongs to the Win32/Vundo family -- a range of programs that deliver pop-up ads. They are also capable of downloading and executing arbitrary files.

One response on the Skype blog stated that "security products often mistakenly report legitimate software as malware, called a false positive, by security experts. Two years ago, for example, Sophos identified legitimate Mac OS X files as malware."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.