Skype users, Beware a new Trojan that uses subtle social engineering tricks to try to steal your login credentials

The malware, which calls itself ‘Skype Defender’, poses as a security plug-in. Infected users are prompted to log-into their Skype accounts. Cleverly the Trojan displays what looks like a Skype login screen, the internet telephony company warns. (http://share.skype.com/sites/security/2007/10/skype_defender_malware_alert.html)

If a user enters his Skype username and password, the Trojan displays a message saying that the name and password are unrecognized.

Behind the scenes, this information - as well as all usernames and passwords saved in Internet Explorer - is sent to a hacker-controlled website. By compromising user Skype accounts, hackers gain access to SkypeOut credits, which might be resold, and a possible means to access the PayPal accounts used to pay for those credits.

F-Secure, TrendMicro, Symantec, WebSense, and FaceTime Security Labs have added detection for the Trojan. F-Secure, for example, describes it as the Skyper-B Trojan (http://www.f-secure.com/v-descs/trojan-spy_w32_skyper_b.shtml).

In recent months Skype's Instant messaging client has occasionally been misused as a vector to spread malware. None have been particularly effective. The Skyper-B Trojan is a more serious threat because it is capable of causing victims direct financial loss, a factor that fits in with the wider shift towards malware for profit as an engine for virus creation. ®

Related stories

Austrian official fuels Skype backdoor rumours (25 July 2008)
http://www.theregister.co.uk/2008/07/25/skype_backdoor_rumours/
Homer Simpson's email address hacked (14 July 2008)
http://www.theregister.co.uk/2008/07/14/homer_simpson_botnet_hack/
Skype squishes cross-zone scripting bug (6 February 2008)
http://www.theregister.co.uk/2008/02/06/skype_cross_zone_scripting_fix/
SkypeFinds another security snafu (1 February 2008)
http://www.theregister.co.uk/2008/02/01/skypefind_security_bug/
Skype Trojan wiretap plan leaks onto the net (29 January 2008)
http://www.theregister.co.uk/2008/01/29/skype_trojan/
Polyglot worm spreads over MSN (23 January 2008)
http://www.channelregister.co.uk/2008/01/23/polyglot_msn_worm/
Skype blocks poison movie peril (18 January 2008)
http://www.theregister.co.uk/2008/01/18/skype_security_vuln/
Skype update plugs critical bug (10 December 2007)
http://www.theregister.co.uk/2007/12/10/skype_stealth_update/
Skype crypto stumps German cops (23 November 2007)
http://www.theregister.co.uk/2007/11/23/skype_stumps_german_spys/
Yahoo! In! Ninth! Circle! Of! Security! Hell! (20 September 2007)
http://www.theregister.co.uk/2007/09/20/yahoo_0day_menace/
Skype worm leaps onto MSN (24 May 2007)
http://www.theregister.co.uk/2007/05/24/skype_msn_worm/
Skype IM malware smut surfaces (16 April 2007)
http://www.theregister.co.uk/2007/04/16/skype_malware/
Security vendors talk up VoIP threats (9 January 2007)
http://www.theregister.co.uk/2007/01/09/voip_threats/
Hackers call on Skype to spread Trojan (20 December 2006)
http://www.theregister.co.uk/2006/12/20/skype_trojan/
Say hello to the Skype Trojan (18 October 2005)
http://www.theregister.co.uk/2005/10/18/skype_trojan/