Skype Hit by a Bug. Again
Skype’s troubles seem to be accumulating lately: after last month’s worldwide outage, a new worm that spreads through the Web-application’s IM feature threatens the integrity of PCs, using a bogus chat message.

According to Villu Arak, a spokesperson for Skype, both Symantec and F-Secure have identified the virus, which has been dubbed W32.Pykspa.D by Symantec and W32/Skipi.A by F-Secure.

The worm only affects Windows machines with Skype installed, although Arak has not mentioned which version of Skype is targeted by the malware (Windows Vista or XP version).

“Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message,” wrote Arak.

“Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link,” he added.

Skype is aware of the bug and has also informed us that most anti-virus companies have updated their software to deal with the threat. Users are advised to download the latest AV updates.

The infection process goes like this: an unsuspecting user receives an instant message, from one of their contacts or from a complete stranger, containing a link to a bogus web page filled with malware. The message usually indicates that the sender wants you to view a picture (the link ends with a .jpg), but if you click on it you won’t be redirected to that page. Instead, the Windows Run/Save dialog box will pop up, asking for permission to save or run a .scr file. Of course, you should under no circumstances accept the downloading or running of the infected file.

If someone is imprudent enough to click YES, their PC will run the malicious code, which uses Skype’s public Application Program Interface (API). One way to disinfect, updating your anti-virus software, is mentioned earlier.

The other is aimed at tech-savvy owners and involves modifying the computer’s registry.

1. Restart the PC in safe mode
2. Run regedit
3. Go to HKLM/software/microsoft/windows/currentversion/runonce and find the entry with mshtmldat32.exe. Delete this entry.
4. Go to the Windows\System32 directory and delete the following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
5. Go to windows/system32/drivers/etc
6. Find the hosts file
7. Open it with Notepad, press Ctrl+A and delete all entries (this will resume your antivirus updates), then save and close.
8. Restart the PC.
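
A read-only check for the three things the steps above touch (the RunOnce value, the four files and the hosts file), so you can see what is present before deleting anything. This is an added example, not code from Skype or the anti-virus vendors; the function names and the sample hosts content are made up for illustration, and flagging loopback or 0.0.0.0 mappings assumes that is how the update-blocking entries look.

```python
import ipaddress
import os

# Names taken from the cleanup steps above.
DROPPED_FILES = ["wndrivs32.exe", "mshtmldat32.exe", "winlgcvers.exe", "sdrivew32.exe"]
RUNONCE_KEY = r"Software\Microsoft\Windows\CurrentVersion\RunOnce"

# Constructed sample; the .example host names are placeholders, not real indicators.
SAMPLE_HOSTS = """# sample hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   update.av-vendor.example  # constructed
0.0.0.0     download.av-vendor.example liveupdate.av-vendor.example
10.0.0.5    intranet.corp.example
not-an-ip   junk
"""

def hosts_entries(text):
    """Return (ip, host, sinkholed) for every active mapping except localhost."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address
        sink = ip.is_loopback or ip.is_unspecified
        found += [(fields[0], h, sink) for h in fields[1:] if h.lower() != "localhost"]
    return found

def dropped_files_present(system32_dir):
    """Case-insensitive check for the four file names in a directory."""
    present = {name.lower() for name in os.listdir(system32_dir)}
    return [name for name in DROPPED_FILES if name in present]

def runonce_hits():
    """Windows only: RunOnce values that mention mshtmldat32.exe."""
    import winreg
    hits = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUNONCE_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _ = winreg.EnumValue(key, i)
            if "mshtmldat32.exe" in f"{name} {data}".lower():
                hits.append((name, data))
    return hits

if __name__ == "__main__":
    for entry in hosts_entries(SAMPLE_HOSTS):
        print(entry)
```

On an affected Windows machine, pass the contents of the real hosts file to `hosts_entries` and the System32 path to `dropped_files_present`; entries reported with `sinkholed` set to `False` are ordinary mappings you may want to restore after step 7.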