The Trojan horse, a variant of IRCbot, arrives in an e-mail purporting to be an update to Skype, the popular Internet telephony application. Once opened the malicious software displays a phoney installation error message. It then blocks access to security updates and installs a back door on computers, MessageLabs said in a statement.
The e-mail can have one of five different subject lines, which always refers to Skype. One, for example, reads: "Skype for Windows 1.4 - Have you got the new Skype?"
The e-mail body text advertises the Skype voice-over-IP application and urges the user to run the attached file to find out more, MessageLabs said.
The e-mail carrying the Trojan horse isn't widespread; MessageLabs has intercepted 150 copies since Sunday. It is the first such attack that pretends to be from Skype and users should watch out for such "social engineering," the company said.
Cybercriminals always try new things to dupe users into running malicious code. They have masked their Trojan horses as porn images, security updates, messages from system administrators, news photos and many other things.
I read with interest the article regarding the Skpe disguised Trojan. An issue I have with the article is that it offers no indication of how one may determine whether one has been affected nor does it offer a way to remedy the problem. Also with the way the article is written one does not know whether in fact a genuine email may have been received from skype with the subject line "Skype for Windows 1.4 - Have you got the new Skye". I in fact received such an email and did proceed to upgrade my Skype. From what I can determine the email was genuine as it took me to the skype download site. I have subsequently run a virus scan with the latest live updates and by all accounts I do not appear to been hit with this Trojan - but I guess, not being too knowledgable about such issues, I can not be entirely sure and simply have to rely on my up-to-date virus scanner to give me comfort.
In summary what I am saying here is that sometimes a little information can be dangerous without some qualification and advice about how to confirm whether one's system is safe. Without this such an article can be unsuspectingly alarmist and not that helpful.
Thanks.