April 16, 2007 3:19 PM PDT

New IM worm targets Skype users

A new instant-messaging pest that spreads using the chat feature in Skype has surfaced, security firm F-Secure warned Monday.

The worm, dubbed Pykse.A, is similar to threats that affect instant-messaging applications. A targeted Skype user will receive a chat message with text and a Web link that looks like it goes to a JPEG file on a Web site, F-Secure said on its Web site.

Clicking the link will redirect the user to a malicious file. The file, after executing, will send a malicious link to all online contacts in a Skype user's list and will show a picture of a scantily clad woman, F-Secure said. In addition, it sets the user's Skype status message to "Do Not Disturb," the security firm said.

Pykse also visits a number of Web sites that don't host any malicious code and a site that appears to count infected machines, F-Secure said. The Finnish security company doesn't list any particular malicious payload for Pykse other than spreading and visiting Web sites. The IM worm affects Skype users running Windows.

Such threats for Skype aren't new. Last month, miscreants adapted the Warezov Trojan horse to target Skype users. This threat also arrived with a Web link sent in a Skype chat message. Clicking on the link would result in a PC being at the beck and call of the attacker and the Trojan horse sending messages to the victim's Skype contacts.

In February, attackers also targeted Skype users with another Trojan horse that had propagation capabilities.

Skype has acknowledged in the past that its instant-messaging feature could be used for nefarious purposes just like any other IM service. Kurt Sauer, Skype's chief security officer, repeated that acknowledgment on Monday in a statement sent by the company's public relations agency.

"Harmful viruses and Trojan horses may damage a user's computer and collect private data, regardless of whether a person is using Skype, e-mail or other IM clients," Sauer said in the statement. "Skype strongly recommends that users take extra caution in general when asked to open attachments or links from unknown people, or suspicious-looking attachments even from people you know."

Skype also recommends using antivirus software to check the files received from other people.



Join the conversation!
Does this affect ALL Skype users or just PC Skype users?
Judging by the name, I'm guessing it only infects Windows users of

http://www.f-secure.com/v-descs/im-worm_w32_pykse_a.shtml
Posted by Macsaresafer (802 comments )
Just to be picky,
A "Trojan horse that had propagation capabilities", is more properly called a Worm (with multiple infection vectors). 8-)
Posted by Marcus Westrup (630 comments )
Again, no list of affected OS's.
There is no mention of which operating systems are susceptible
to this malware, and this is a serious disservice to your readers.
Take our case: After 15 years, we are spending a good deal of
money switching our business entirely to Intel Macs, primarily
for security reasons, though usability is also improved. We run a
small number of PC-only programs (flawlessly) in virtual
machines on our Macs at the same time as running OS X. The PC
side of the Mac does not have email and is limited to only a few
IP addresses on the net. We do not currently use any antivirus
protection for the PC or the Mac sides.

Incidentally, we do sophisticated software, firmware and
hardware for robotics education and research. (No battle bots or
hobby work products) and we have been dealing with the
horrors of Microsoft internals for many years. Their operating
systems are houses of cards, and they continue to be so because
Microsoft's monopoly position (threatened by the Clinton
administration but then predictably left virtually untouched by
Bush) allows them to get away with it.

Your news organization should not be part of this silence.

It may be that reporters or news outlets are somehow being
intimidated by Microsoft's legal clout so that no mention is made
that these are windows problems. (At least I expect they are.
Certainly, if these were OS X or Linux problems they would be
generating a different kind of story altogether.) But whether the
omission is from fear or laxity or some other source, it is a
glaring omission all the same.

I think you have to decide whether you are reporters or shills.
Posted by evan1138 (7 comments )
Don't Trust Your Friends
Sauer's advice about only trusting content from your friends doesn't hold water, because as the article states the worm sends the bad link to all the victim's contacts. You would think by now these guys would have a clue. This is the same crappy advice that Microsloth keeps dishing out. The advice should be, "Don't trust strangers and don't trust your friends. Better yet, don't use our crappy insecure product."

"Clicking the link will redirect the user to a malicious file. The file, after executing, will send a malicious link to all online contacts in a Skype user's list..."
Posted by Stating (869 comments )
Windows Only
From the F-Secure website, only "32-bit versions of Microsoft
Windows" are affected. (This is what their "Platform: W32"
designation means.)
Posted by telecommunicate (3 comments )
Sure, let's believe F-secure
Each of these so-called security companies has a vested interest in reporting the next new Worm, Trojan or malicious exploit. A press release features their efforts and everyone is urged to update their security software. At the root of all this hype are basic security practices: Don't answer anything from a stranger, don't click on random chat links and don't buy into F-secure's hype.
Posted by Schratboy (122 comments )