Skype worm leaves Sophos users unfazed

September 11, 2007 Sophos Press Release


The instant messaging worm targets Skype users.

Sophos, a world leader in IT security and control, says that a recent worm outbreak on the Skype network highlights the importance of proactive virus protection. The worm, which has been seen spreading via Skype's instant messaging system, has not managed to infect Sophos users who were proactively protected against the threat without requiring an update.

The W32/Pykse-C worm (also known as Ramex, Skipi or Pykspa) spreads via Skype's chat system in a variety of languages including English, Russian and Lithuanian. Receipients of the instant messages are invited to click on a link to what they believe will be a .JPG picture, but is in fact a downloadable executable.

However, unlike many other anti-virus vendors, Sophos did not have to issue an update to protect its users against the malware as Sophos's Behavioral Genotype® Protection technology was already able to proactively identify it as Mal/Behav-103. Users of other vendors' products are recommended to update their protection and ensure that they are defended from the threat.

"Hackers are becoming more inventive in their attempts to infect PC owners. Sophos's millions of users weren't affected by this latest attack because our proactive protection intercepts the attempt to infect PCs without requiring an update," said Graham Cluley, senior technology consultant at Sophos. "With so much money to be made, the hackers aren't going to stop trying to break into PCs anytime soon. Everyone needs to take safety seriously online, which includes ensuring that a secure defense is in place."

Skype has published information on its blog about the worm outbreak.

The latest incident is not the first time that Skype has raised questions for system administrators tasked with securing their networks. In April, Sophos reported how malware was spreading via Skype offering pictures of a scantily clad model wearing stiletto high-heeled shoes. Last year, Sophos conducted a poll of system administrators which revealed that 86.1% of those who expressed an opinion wanted the power to control use of VoIP in their companies, with 62.8% saying blocking was essential.

"The fact that Skype also contains an instant messaging component also raises concerns for system administrators, as it is potentially an avenue for data leakage as well as malware infestation," continued Cluley. "More and more companies are setting a policy as to what instant messaging client is to be used in the business, and whether it can be used for communicating with the outside world."

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.