Skype threat confusion clears

Skype Chat not vulnerable after all

By Dawn Kawamoto, 21 December 2006 10:00

NEWS

Confusion over a security threat hitting the popular VoIP service Skype was resolved on Tuesday, with researchers re-characterising the threat as a Trojan horse rather than a worm.

Earlier this week, security firm Websense issued an advisory that a worm was using Skype Chat - the net telephone provider's instant-messaging tool - to self-propagate. The security warning advised users to be wary of instant messages that asked for users to download and run a file, sp.exe.

But shortly after the advisory went out, confusion began to emerge as to whether the security issue was in fact a worm. Other security firms chimed in, questioning whether a worm was on the loose.

Websense later revised its security alert on Tuesday, re-characterising the threat as a Trojan horse.

"After discussions with the very helpful Skype security team, the behaviour of this Trojan using the Skype API (application programming interface) is as per the specifications of the API," Websense stated in its revised advisory. "The end user who is running Skype does get notified that a program is attempting to access it and must acknowledge it... there is no vulnerability in Skype at this time that has been uncovered."

Dawn Kawamoto writes for CNET News.com.

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ