Shylock Malware Now Spreading via Skype
A new plug-in called msg.gsm is designed to allow the code to spread through Skype, according to researchers at CSIS.
"An analysis by [CSIS] shows that the newest version of the malware includes a plugin named 'msg.gsm' that uses the chat function in Skype in order to spread to new machines," writes Threatpost's Dennis Fisher. "The malware relies on a network of infected Web sites to perform drive-by download attacks as the initial infection vector, and once it is resident on a new machine and finds the Skype application, it then sends malicious links to the victim's contacts through the chat function."
"The plug-in also bypasses the warning and confirmation request that Skype displays when a third-party program tries to connect and interact with the application," writes Computerworld's Lucian Constantin.
"Beside the new ability to spread through Skype, Shylock can also spread through local shares and removable drives," writes The Register's John Leyden. "Infection by the Trojan allows cybercrooks to steal cookies, inject HTTP into a website, setup setup VNC (allowing remote control of compromised desktops), and upload files, among other functions."