Skype Malware Campaign Grows – Businesses and Consumers Targeted

Microsoft has suggested that users and businesses switch to Skype following the scheduled shutdown of the MSN Messenger service in March. The problem, however, is that criminals are starting to migrate to that platform if recent discoveries from Trend Micro are any indication.

Recently, the Shylock family of malware made headlines for its ability to spread via Skype. Shylock is a banking Trojan, targeting financial data and accounts. While Shylock has been mostly targeting users in the UK and EU, additional malware variants have been observed in the United States.

On Monday, researchers at Trend Micro discovered two additional types of malware targeting Skype users. The first, a worm that has the ability to clear message history is being given the name Bublik. However, code examinations show that the worm downloads additional modules, which have rootkit abilities allowing remote command and control of the infected host.

The second type of malware discovered is being called Phorpiex, which will clone itself to all removable drives once a victim accesses a link to it via Skype. Normally Phorpiex is spread via email, so Skype represents a new attack channel.

“These strings of threats aimed at Skype pose serious risks, not just for ordinary users, but also for small businesses benefiting from the platform,” a blog post from Trend explains. 

“Microsoft is reportedly closing down Windows Messenger on March 15, 2013 and recommends switching to Skype. As such, this poses risks especially to first-time Skype users and with DORKBOT and now, Shylock variants spreading via Skype, users and businesses alike should have a more security-conscious mindset when it comes to using Skype.”