New Trojan Mimics Skype, Steals Login Credentials

Security analysts are warning of another malicious software program masquerading as an installer file for Skype.

The program sends the victim's Skype credentials, as well as any other logins or passwords stored in Internet Explorer, to another server, wrote Villu Arak, a Skype spokesman based in Tallinn, Estonia, on a Skype blog.

Skype, the VOIP (voice over Internet protocol) program owned by eBay Inc., is frequently targeted by malware writers because it is widely used. Other attacks have focused on sending links to malware via Skype's chat function as well as worms.

This Trojan horse appears as an installer with Skype's logo and the name "65404-SkypeDefenderSetup.exe." Once the program is executed, users see a convincing Skype login interface, although the graphic for the "sign in" button is different from that of the genuine Skype application.

Login credentials can be entered, but none of the other menu functions work, said Chris Boyd, security research manager for FaceTime Communications Inc. Microsoft Corp.'s Internet Explorer can locally store passwords as a convenience for users as part of the browser's "autocomplete" function, but it is possible for software to improperly access the information.

The Trojan has been spread through spam as well as through instant-message conversations with a link to the malware, Arak said.

"This piece of malware does not propagate itself," Arak said. "Luckily, because the malware depends on the "human factor" to propagate, it is not widely spread. And we've received only a few complaints in customer support."

One user complained last week on Skype's forum of an infection, adding that his account was subsequently shut down.

"I was stupid," the user wrote. "Please, please help."