Skype Trojan steals login credentials
PrintInsecurity plug-in
Posted in Software & Security, 17th October 2007 19:31 GMT
Free whitepaper – What Exchange can't do - and Dell can
Skype users, Beware a new Trojan that uses subtle social engineering tricks to try to steal your login credentials
The malware, which calls itself ‘Skype Defender’, poses as a security plug-in. Infected users are prompted to log-into their Skype accounts. Cleverly the Trojan displays what looks like a Skype login screen, the internet telephony company warns.
If a user enters his Skype username and password, the Trojan displays a message saying that the name and password are unrecognized.
Behind the scenes, this information - as well as all usernames and passwords saved in Internet Explorer - is sent to a hacker-controlled website. By compromising user Skype accounts, hackers gain access to SkypeOut credits, which might be resold, and a possible means to access the PayPal accounts used to pay for those credits.
F-Secure, TrendMicro, Symantec, WebSense, and FaceTime Security Labs have added detection for the Trojan. F-Secure, for example, describes it as the Skyper-B Trojan.
In recent months Skype's Instant messaging client has occasionally been misused as a vector to spread malware. None have been particularly effective. The Skyper-B Trojan is a more serious threat because it is capable of causing victims direct financial loss, a factor that fits in with the wider shift towards malware for profit as an engine for virus creation. ®
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Enhancing retail operations with unified communications
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs