Websense Security Labs reported on its blog on Monday that there was a potential worm propagating via Skype. On closer inspection the firm has discovered that this is not a self-propagating worm at all and is actually a trojan horse.
"After discussions with the very helpful Skype security team, the behavior of this Trojan using the Skype API is as per the specifications of the API," said Websense.
"The end user who is running Skype does get notified that a program is attempting to access it and must acknowledge it."
Skype users would receive a message via Skype Chat to download and run a file with a filename of sp.exe. If the file is run it appears to drop, and runs a password stealing trojan horse. But the user must choose to run the program.
"There is no vulnerability in Skype at this time that has been uncovered," the company said.
The threat may already be abating anyway. Websense confirmed today that the websites that were used to download the Skype API code and the site that is used to download new copies of the trojan were both down.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
