International Telecommunication Union   ITU
 
 
 Wednesday, September 12, 2007

Computerworld reports on a worm targeting Windows PCs that is spreading through Skype's instant messenger, making the Voice over IP (VoIP) service's chat software the next target. Dubbed Ramex.a by Skype spokesman Villu Arak, but pegged Pykspa.d by Symantec, the worm takes a typical instant messenger (IM) line of attack: after hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL, which poses as a JPG image but actually downloads a file with the .scr extension, wind up infected. Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try. Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to periodically run the actual malware, a file named wndrivsd32.exe. The worm also plants bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.

Skype is only the latest IM client to fall victim to hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been targeted this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
