Worm Wriggles Into Skype for Windows
By Geoff Duncan
September 10, 2007
Windows-based users of the popular VoIP software Skype need to watch out for the new w32/Ramex.A worm which operates on Skype's chat feature.
VoIP operator Skype is warning its Windows-based users of a new worm which spreads by sending links to users via the Skype application's integrated chat feature. Users receive a message which appears to be from someone on their contact list, asking them to click a link. The messages are "cleverly written" to appear like typical chat messages, and appear to contain a link to a JPEG image. The link actually points to an executable file; if Windows-based users click the link (and give permission to save or run a .scr file) the user's computer will be infected with the w32/Ramex.A worm. The worm uses Skype's public API to access the user's computer.
Historically, instant messaging and chat programs have been an increasingly common vector for attacks on Windows-based PCs. Often, messages appear to come from friends and other trusted sources, and the instantaneous nature of online chat encourages users to click before thinking.
Skype has been working with leading antivirus vendors, and encourages all its Winodws-based users to update their antivirus software to make sure they have the latest protection. According to Skype, Kaspersky Lab, Symantec, and F-Secure have already updated their products to account for the w32/Ramex.A worm; other vendors will no doubt follow on shortly. Skype also offers expert users manual instructions for removing the worm.
"The new week has started with a bang. And not the kind of bang we like," wrote Villu Arak in the company's blog. Let's hope very few Skype customers start their weeks with a similar bang.