April 18, 2007 (Press Release) --
The Mal/Pykse-A worm spreads via Skype instant messages, posing as a link to a photograph of a young woman. Clicking on the link does display an image of a scantily clad model wearing stiletto-heeled shoes, but only after infecting the PC with a downloader Trojan, which then installs the worm.
"Once it's up and running, the Pykse worm attempts to connect to a number of remote websites, presumably in an attempt to generate advertising revenue for them by increasing their number of 'hits'," said Graham Cluley, senior technology consultant for Sophos. "It's another example of the methods that malware authors can use to make money. With an ever increasing wave of malicious attacks, companies need to ensure that not only do they have secure defenses in place, but also that they are enforcing policies about what programs their users can run and which websites their PCs can visit."
Remote sites connected to by the worm currently contain content referencing "The Living Africa" ripped from a legitimate site: library.thinkquest.org. Some of the sites include an invisible iframe, which sucks in content from online advertising companies. Others don't contain advertising content, and seem to contain just a mirror of the legit page. However, they could be updated by hackers in future to contain malicious content if they so chose.
Sophos notes that there have been a number of worms which have spread via Skype instant messaging in the past. None of them have been particularly widespread compared to other major outbreaks of malware.
Since last year Sophos anti-virus products have been capable of policing which users in a business are allowed to run VoIP programs (including Skype) through Application Control. In regard to VoIP, this not only combats virus risks but also avoids bandwidth being eaten up by unauthorized communications.
Last year Sophos conducted a poll of system administrators and found that 86.1% of those who expressed an opinion wanted the power to control use of VoIP in their companies, with 62.8% saying blocking was essential.
The fact that Skype contains an instant messaging component also raises concerns for system administrators, as it is potentially an avenue for data leakage as well as malware infestation. More and more companies are setting a policy as to what instant messaging client is to be used in the business, and whether it can be used for communicating with the outside world.
"Putting security and control measures in place can help prevent attacks like this worm affecting businesses," continued Cluley. "Our advice would be for companies to audit the software that their users are running, not only to prevent potential malware security issues - but also because of the other risks that unauthorized software can bring to company data and networks."
Author: Mihai Alexandru
Source: http://www.playfuls.com/

Sophos has reminded companies of the potential impact of VoIP and instant messaging (IM) on enterprise networks following the discovery of a worm that spreads via Skype's IM chat system.





