My friends over at security specialists Sophos have warned me to be on the lookout for Sandra and her stiletto shoes when using Skype. Usually it would be my mother offering this advice, but then she would not understand the implications of getting infected by the Pykse-A worm that exploits the Skype IM chat system to infect your PC.
Of course, as always, it relies on a certain amount of user stupidity. In this case that would be just why Sandra would want to send you a picture of herself wearing nothing but high heels. Still, enough people will link click at the slightest provocation, and that invitation probably counts as more than slight. If you do click on the link in the Skype message then you will, indeed, be presented with Stiletto Sandra. By this point you will have also been infected with the downloader Trojan and, as a consequence, the worm payload will have been installed.
On the good news front, if you can call it that, this is hardly the first worm to target Skype users. Better yet, none of the previous ones have been widespread in comparison with other malware outbreaks. Not that it is a reason to ignore the Sophos warning, as Sandra and her shoes could be the Skype worm breakthrough that the malware writing scum have been waiting for. Last year Sophos conducted a poll of system administrators and found that 86.1% of those who expressed an opinion wanted the power to control use of VoIP in their companies; with 62.8% saying blocking was essential. The fact that Skype also contains an instant messaging component also raises concerns for system administrators, as it is potentially an avenue for data leakage as well as malware infestation. More and more companies are setting a policy as to what instant messaging client is to be used in the business, and whether it can be used for communicating with the outside world.
"Once it's up and running, the Pykse worm attempts to connect to a number of remote websites, presumably in an attempt to generate advertising revenue for them by increasing their number of hits" Graham Cluley, senior technology consultant for Sophos told me. "It's another example of the methods that malware authors can use to make money.”
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
I remember this exact type of delivery system that was tooled for AIM. It gave the University IT department hell for a while. The only thing that finally killed it was a flyer program designed to educate users to not click on links given over AIM.
Delivery systems like this one prey on the only guaranteed insecure aspect of a system: the user.
If there is one thing that I am 100% sure of in the security business, it is that you will never prevent users from clicking on links. Unless, of course, they learn by experience. Security education is getting to be like data backup these days, nobody believes you until they lose their data without a backup the first and only time.
I'd just like to mention I am one of those such people. My computer crashed due to malware, and then, after getting it back running again (courtesy of DMR), I joined a malware community/training organization. Best decision I've made in a while.