IT security and control firm Sophos has reminded companies of
the potential impact of VoIP and instant messaging (IM) on
enterprise networks following the discovery of a worm that spreads
via Skype's IM chat system.
The Mal/Pykse-A
worm spreads via Skype instant messages, posing as a link to a
photograph of a young woman. Clicking on the link does display an
image of a scantily clad model wearing stiletto heeled shoes, but
only after infecting the PC with a downloader Trojan which then
installs the worm.
Clicking on the link infects the user's
computer and displays an image of a model called Sandra wearing
stilletos.
"Once it's up and running, the Pykse worm attempts to connect to
a number of remote websites, presumably in an attempt to generate
advertising revenue for them by increasing their number of 'hits',"
said Graham
Cluley, senior technology consultant for Sophos. "It's another
example of the methods that malware authors can use to make money.
With an ever increasing wave of malicious attacks, companies need
to ensure that not only do they have secure defenses in place, but
also that they are enforcing policies about what programs their
users can run and which websites their PCs can visit."
Remote sites connected to by the worm currently contain content
referencing "The Living Africa" ripped from a legitimate site:
library.thinkquest.org. Some of the sites includes an invisible
iframe, which sucks in content from online advertising companies.
Others don't contain advertising content, and seem to contain just
mirror of the legit page. However, they could be updated by hackers
in future to contain malicious content if they so chose.
The worm connects to websites containing
content stolen from a legitimate site.
Sophos notes that there have been a number of worms which have
spread via Skype instant messaging in the past. None of them have
been particularly widespread compared to other major outbreaks of
malware.
Since last year Sophos anti-virus products have been capable of
policing which users in a business are allowed to run VoIP programs
(including Skype) through Application Control.
In regard to VoIP, this not only combats virus risks but also
avoids bandwidth being eaten up by unauthorized communications.
Last year Sophos conducted a poll
of system administrators and found that 86.1% of those who
expressed an opinion wanted the power to control use of VoIP in
their companies, with 62.8% saying blocking was essential.
The fact that Skype also contains an instant messaging component
also raises concerns for system administrators, as it is
potentially an avenue for data leakage as well as malware
infestation. More and more companies are setting a policy as to
what instant messaging client is to be used in the business, and
whether it can be used for communicating with the outside
world.
"Putting security and control measures in place can help prevent
attacks like this worm affecting businesses," continued Cluley.
"Our advice would be for companies to audit the software that their
users are running, not only to prevent potential malware security
issues - but also because of the other risks that unauthorized
software can bring to company data and networks."
Sophos continues to recommend companies protect their desktops
and servers with a consolidated solution
which can control network
access and defend against the threats of viruses, hackers,
spyware, and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.