Security firm
Websense
has downgraded a security threat to internet telephony application
Skype that it
warned about earlier this week.
Websense
Security Labs reported on its blog on Monday that there was a potential worm
propagating via Skype. On closer inspection the firm has discovered that this is
not a self-propagating worm at all and is actually a Trojan horse.
"After discussions with the very helpful Skype security team, the behavior of
this Trojan using the Skype API is as per the specifications of the API," said
Websense.
"The end user who is running Skype does get notified that a program is
attempting to access it and must acknowledge it."
Skype users would receive a message via Skype Chat to download and run a file
with a filename of sp.exe. If the file is run it appears to drop, and runs a
password stealing Trojan horse. But the user must choose to run the program.
"There is no vulnerability in Skype at this time that has been uncovered,"
the company said.
The threat may already be abating anyway. Websense confirmed today that the
websites that were used to download the Skype API code and the site that is used
to download new copies of the Trojan were both down.
Do you agree?
Have your say on this article