VoIP IP Telephony @ http://snapvoip.blogspot.com
On May 24, Chris Boyd, a researcher at FaceTime Communications -- which established a partnership to provide security applications to Skype in Feb. 2007 -- noticed a new variant of the so-called Skype worm that has been spreading through the VOIP client's messaging system for the last several months.
Unlike previous versions of the threat that merely passed themselves along to other Skype users via their contact lists, the new variant will also "jump" to other more established networks, including the ICQ and MSN messenger platforms.
The development illustrates not only that attacks aimed at users of VOIP networks are escalating and becoming more sophisticated, but also that they are being pulled into use by the smartest and most aggressive cyber-criminals looking for new revenue streams, Boyd said.
In late March 2007, researchers at F-Secure first unearthed a Skype worm variant that attempted to trick users into visiting a Web site that downloaded a malware program which was designed to communicate to hackers over a Yahoo mail server to confirm its infection and load additional programs onto affected PCs.
Variants of the attack, which subsequently tried to infect users with keystroke logging software and other data-thieving programs, have continued to appear since that time.
Tony Magellanez, a systems engineer at Helsinki, Finland-based F-Secure, said that such a move by hackers to port their IM-based threats to VOIP software should come as no surprise.
"Chat has obviously been around forever, and the ability to share information via these tools has opened it up to the types of attacks we're seeing," Magellanez said. "The attacks aren't being made against any vulnerability in the software but instead against the social aspects of its use that make it an attractive target."
The researcher said, in fact, that the Skype application in particular has exhibited a small number of vulnerabilities and proven fairly resistant to malware threats, a performance he attributes to significant work on the part of the company to engineer the system with security in mind.