Skype responds to Trojan security threat

Skype recommends all users to upgrade to version 4.1

Skype has addressed two security issues in its telephony service aimed at reducing spam and limiting the damage caused by the newly disclosed Peskyspy Trojan.

The firm announced in a blog posting yesterday that a new version of Skype for Windows has been designed to reduce spam by ensuring that "links are not clickable in contact authorisation requests".

"The new release is a bugfix release which resolves many of the problems you have been telling us about," read the post. "We recommend everyone to update to this build now."

The update to version 4.1 will also resolve video freezing issues, and Skype said that PCs which do not support legacy technology will no longer crash on startup.

In a separate blog post, Skype's Peter Parkes responded for the first time to widespread news of a Trojan designed to listen in to and record Skype conversations.

"In order for this Trojan to 'listen in', it has to be run on your computer, which means that your computer is already compromised, e.g. by a virus," he wrote.

"It doesn't exploit the Skype software. Instead it 'listens in' to the audio data which is transferred between Skype and your computer hardware - your headset and microphone, for example - and it does this using processes which are available in Microsoft Windows. It's like standing next to someone when they are talking."

Parkes urged users to follow best practice security advice by not opening files from people they do not trust, and staying up to date with patches and security software.