Skype Slammed Again by Worm

Dennis Faas's picture

Love to talk? Many of us do. It's one reason Skype has becomes such a popular "telephony" service, although both Skype Ltd. and its customers are pulling out hairs this morning over news that a nasty worm is inching its way through the instant messenger service.

Skype, which is a Voice over Internet Protocol, or VOIP service, has seen its fair share of threats. In April we reported on a similar issue, whereby a text link led to a JPEG file that in turn presented an executable link. Clicking that meant spyware-central, and a whole lot of headaches for a service developed by former Kazaa geniuses.

The new issue, which has been dubbed Ramex.a by Skype representatives but Pykspa.d by security firm Symantec, again attacks the instant messenger feature. First, there's the infection of one set of Skype software. Then, a hijacker grabs hold of that individual's contacts, who receive messages bundled with a live link. Those who click on the URL -- and we really all need to be careful what we click -- will, like last time, be presented with a JPEG file and the download of an .scr extension. If you've reached this point, you're infected. (Source:

Skype spokesperson Villu Arak told reporters, "The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link". (Source:

Thus, it's another very intelligent trap in a world preceded by blatantly ridiculous potholes. Ramex.a (or Pykspa.d) injects code into Explorer's executable, which in turn runs spyware (via the file wndrivsd32.exe). For good measure, the worm prevents the average security software from updating against it.

For the time being, Skype users must be vigilant. Although Symantec has identified the threat, it is still only in the process of investigating real solutions.

Are we finally at the point where hackers can distance themselves from their security hunters?

Give it a few days.

| Tags:
Rate this article: 
No votes yet