Reports of Skype worm
You may have read in today’s media accounts about a Skype worm being “on the loose” on the Internet. I wanted to bring you up to date on this story and how the problem has been solved.
We learned yesterday (Tuesday, 19 December 2006) that there were reports floating in information security circles that there was a “Skype worm” in the wild. We contacted a number of sources, both in the infosec industry and within eBay, as well as some key security researchers, to learn more about the incident.
By late on 19 December, we had obtained a copy of one of the two variants of the worm, and we learned that the attack:
* was not a worm; and
* made very minimal use of Skype
In particular, the program was a Trojan Horse that spreads over the web. Although it uses Skype to propagate itself, it makes legal use of our APIs to simply send a web link (URL) to another user — that is the full extent of the use of Skype.
As of 20 December, the sites distributing the malware had been taken off the net, thereby effectively stopping further spread of the malware.
There are a number of news reports about this event on the web, such as:
Of course, as is the case with every incident, we will be doing a post-mortem to see how we can prevent such events in the future.