Password-Stealing Trojan Targets Skype
A Trojan poses as a security plug-in, displaying a fake Skype log-in screen almost identical to the real thing.A password-stealing Trojan is targeting Skype, posing as a security plug-in for the popular VOIP and IM service and displaying a fake log-in screen thats almost identical to the real thing. McAfees Avert Labs is identifying the Trojan as PWS-Pykse, F-Secure is referring to it as Trojan-Spy.Win32.Skyper.B and Skype is calling it 65404-SkypeDefenderSetup.exe.
The Trojan, which identifies itself as a plug-in called "Skype-Defender," is attempting to steal Skype user names and passwords, along with all user names and passwords saved in Internet Explorer. According to a blog posted on Oct. 17 by Avert Labs, headquartered in Santa Clara, Calif., the malware isnt spreading by itself. Rather, its author is posting it on "dodgy" sites or forums and relying on users to be tricked into executing it. After execution, the Trojan disables running instances of Skype and swaps in its fake Skype log-in window. If the victim enters a user name and password, the malware captures them and any others saved in IE and posts the information via HTTP to a Web site for the malware author to retrieve.
One way to distinguish Skypes real log-in from Skype Defenders bogus version is that none of the hyperlinks work on the fake log-in screen. However, "Most people dont necessarily check," said McAfee Avert Labs Security Research and Communications Manager Dave Marcus. "Theyll just probably enter their name, log in, and boom, they have their password stolen."
Another way to distinguish the phony log-in screen is that its sign-in button has a metallic gray border, whereas on Skypes legitimate log-in screen, the button has a red border. Marcus told eWEEK in an interview that this particular Trojan is approximately the 12th piece of malware that McAfee has identified as targeting Skype. more>>>