Slashdot Mirror


Skype Worm Infects Windows PCs

walterbays writes with news of a worm spreading to Windows PCs through Skype's IM. The worm is variously called Ramex.a and Pykspa.d. A poster on a Skype forum explains how to remove it. "After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL — which poses as a JPG image but is actually a download to a file with the .scr extension — wind up infected."

3 of 127 comments

  1. Lovely by MechaShiva · Score: 2, Interesting

    Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware -- a file named wndrivsd32.exe -- periodically, wrote an infected user on a Skype message forum today. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.

    No mention of whether this is just piggybacking on a Windows exploit or is purely the result of Skype being craptastic. Also, gotta wonder how/if it affects a properly patched Windows XP machine and/or Vista. In any event, sounds like fun.

    --
    After calming me down with some orange slices and some fetal spooning, E.T. revealed to me his singular purpose.
  2. Is there any chance this is related to outage? by Thagg · Score: 2, Interesting

    Three weeks ago, Skype was down for quite a while. Was it possible that it was not the benign "updating software" that they had previously reported? Perhaps it really was some kind of malicious attack.

    An acquaintance of mine was hit by this today; he only ever ran Skype with his wife and daughter -- it seems hard to imagine how bad guys got ahold of his address, unless perhaps somebody downloaded the whole database.

    Thad Beier

    --
    I love Mondays. On a Monday, anything is possible.
  3. Re:Amazing by jawtheshark · Score: 2, Interesting

    Ehm, you really don't remember, do you? There was functionality in Outlook that allowed emails to run midis, except it didn't check the MIME type and ran whatever declared itself as being a midi, including EXE, COM, SRC and PIF. So, the person opening those emails got infected by "just opening the email".

    That was back in the day that we computer scientists were laughing at those "open an email and get virus emails". We didn't count on Outlook.... *sigh* That was a long time ago...

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
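
The hosts-file tampering quoted in the first comment (bogus entries that stop security software from retrieving updates) can be checked for directly. The following is an added example, not part of the original thread or any poster's code; it flags hosts entries that send a non-local name to a loopback or unspecified address, and the sample file and its `.example` hostnames are constructed placeholders, not indicators from the worm.

```python
import ipaddress

# Names that legitimately point at loopback in a stock hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: a default-style hosts file plus the kind of entries
# the comment describes. The vendor hostnames are placeholders, not IoCs.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # added by malware
0.0.0.0 liveupdate.av-vendor.example download.av-vendor.example
192.0.2.10      intranet.corp.example
not-an-ip       broken.example
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text):
    """Return (line_no, address, hostname) for each non-local name sent to a sinkhole."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # malformed address field: skip the line
        if not is_sinkhole(addr):
            continue
        for name in entry[1:]:                  # one line may carry several aliases
            if name.lower().rstrip(".") not in BENIGN_NAMES:
                findings.append((line_no, str(addr), name.lower()))
    return findings

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%/System32/drivers/etc/hosts.
    for line_no, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

Ad-blocking hosts lists also map names to 0.0.0.0, so findings need review against what the machine's owner installed. An entry that redirects an update server to a routable address is outside what this check looks for.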