You are here: silicon.com > Software > Malware

Skype threat confusion clears

Skype Chat not vulnerable after all

Tags: websense, security, skype, trojan horse

By Dawn Kawamoto

Published: 21 December 2006 10:00 GMT

Confusion over a security threat hitting the popular VoIP service Skype was resolved on Tuesday, with researchers re-characterising the threat as a Trojan horse rather than a worm.

Earlier this week, security firm Websense issued an advisory that a worm was using Skype Chat - the net telephone provider's instant-messaging tool - to self-propagate. The security warning advised users to be wary of instant messages that asked for users to download and run a file, sp.exe.

But shortly after the advisory went out, confusion began to emerge as to whether the security issue was in fact a worm. Other security firms chimed in, questioning whether a worm was on the loose.

Websense later revised its security alert on Tuesday, re-characterising the threat as a Trojan horse.

"After discussions with the very helpful Skype security team, the behaviour of this Trojan using the Skype API (application programming interface) is as per the specifications of the API," Websense stated in its revised advisory. "The end user who is running Skype does get notified that a program is attempting to access it and must acknowledge it... there is no vulnerability in Skype at this time that has been uncovered."

Dawn Kawamoto writes for CNET News.com.

Add comment

Print story

Email story

RSS

Skype founders dabbling in web TV

Skype to get bloggers talking?

Skype plugs VoIP-for-Mac flaw

Mobile Skype grinds to a halt

Skype rings changes with standalone VoIP phone

Skype goes Mac

In silicon.com

Commentary

silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week

Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?

Latest News

How the good guys fight the security arms race

UK banks targeted by phishing attacks

Mobile malware: The threat exists

silicon.com Classics: 'Nigerian' money scam - What happens when you reply?

First iPhone Trojan reported

Cyber spies plan attacks next year

Jobs

City Investment Bank - Snr Front Office Dev - Murex/Flex API

The successful candidate will need Murex experience and Flex API knowledge. A city based investment bank is looking for a snr developer to join a ...

Sophis API Developer - Strong Equity Derivatives Knowledge

Sophis Risque Developer C++ Technical Architect/Developer, C#, Toolkit, Derivatives, previous strong experience and exposure working with Sophis ...

Sophis API - C++ - 2 years contract

My Top Tier Investment bank client in Canary Wharf is looking for Sophis API Developer to join their Equity Derivatives team, based in Canary Wharf. ...

Special Report Focus

CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.