Monday, June 21, 2010

Months-Old Skype Vulnerability Exploited in the Wild


Cybercriminals have once again used a not-so-new but still a seemingly promising medium for their malware campaigns. Earlier today, ZDNet reported a “new” exploit that targets Skype users. This exploit takes advantage of a vulnerability in a Skype component—EasyBits Extras Manager. While the vulnerability was found and fixed as early as October 2009, many users are still running older, vulnerable versions.

The vulnerability is being used to download malicious files, among them a ZBOT variant, TROJ_ZBOT.COC. As is typical of ZBOT variants, it steals a user’s personal information, particularly those related to online banking.

Good thing that Trend Micro already had coverage for these payloads many months before the cyber-criminals actually made use of this Skype vulnerability described above as a means to deploy these malicious codes!!

Over the years, Skype has been targeted and used as an infection vector by several malware families, including STRAT, KOOBFACE, and, more recently, PALEVO, due to its growing user base.

Skype currently hosts more than 500 million registered users and is still adding 300,000 users per day. Skype CEO John Silverman aims to have about 100 million PCs shipped preloaded with the popular VoIP software in 2011. This January, TeleGeography reported that Skype’s traffic growth has soared over last year while the international phone traffic declined, proving that more and more users are preferring Skype as a medium for international voice communications.

more found here
Share/Bookmark

No comments:

Post a Comment