Imitation, they say, is the best form of flattery, but surely the maker(s) of this executable have more on their mind than exuding fan-hood. Skype, a hugely popular peer-to-peer VoIP application with 220 million total users worldwide, recently made the news for going offline for almost two days last August. This October, we see it receiving another blow (tangential, but possibly just as damaging), this time from a Trojan spyware.
TSPY_SPEYK.A, Trend Micro’s detection for a program which, upon execution, mimics Skype’s login page, has been reported to us by users and verified to be malicious. When installed by an unsuspecting user, it first displays the following message box:
If the user clicks OK, this spyware then displays the following login window:
Even upon closer inspection, the login window is quite like the original, enough to convince some users to actually type in their user names and passwords. After the user clicks the Sign In button, it then displays a fake error message to indicate that the entered credentials are invalid:
After four login attempts, the fake login window terminates automatically. Users may then go about their way, not thinking much of what just happened. The truth is, the spyware has just received ample confirmation that the characters the user typed in are indeed valid (note the four attempts). This spyware then sends the data it gathers to a certain Web site via HTTP POST. The implications go haywire from there: the malicious user may use the account information to impersonate the real owners, or in the case of paid users, place calls that will be charged to the victims (despite Skype’s famously low rates, this is still an unpleasant surprise). Trend Micro already detects this, though, so users who fear they have been duped should keep their AV engines updated and run regular scans. If there is a clear and present danger that theft has actually transpired, users should change their Skype passwords.
Remember, nothing fazes a deranged “fan.”