Trojan Roaming Skype NetworkTrojan Roaming Skype Network

By Sharon Gaudin

Skype users are being hit with a Trojan that using the infected machine to reach out and infect the user's friends and colleagues.

Websense issued an alert on Thursday afternoon warning that the malicious code, known as both Warezov and Stration, is spreading through the Skype network again. An earlier version initially attacked late in February.

Dan Hubbard, a vice president of security research at Websense, said while the Trojan isn't widely spread at this point, it is making its way across the network. While the code itself is not self-propagating, when it runs, a URL is sent to everyone in the user's contact list. If their Skype program is running, a message will pop up, luring the user to click on a link, infecting them and continuing the malicious cycle.

The Trojan also opens a back door in the user's computer, enabling a hacker to get into the machine and steal the user's information or use the computer to send out spam or even a denial-of-service attack.

"Clicking on unsolicited messages in Skype is just not a good idea," said Hubbard in an interview. "Users need to get the message."

Skype is a free Voice over IP service, that enables users to record and playback audio.

The Websense advisory noted that Skype users receive a message that says "Check up this," with a URL containing a hyperlink. When users click on the link, they are redirected to a site hosting a file named file_01.exe. Users are prompted to run the file. If the user runs the file, several other files are downloaded and run.

This is not an exploit taking advantage of a vulnerability in Skype, Websense noted.

A screen shot is available in the alert. Websense also offers tips on preventing this kind of attack.