Malware is always evolving, and one of the newest trends is to use different methods of propagation. In this Trojan’s case, the propagation is through the VoIP service, Skype. Granted, Skype is still a secure service, and this Trojan does not exploit any vulnerabilities through it, but using it as a propagation engine could be pretty deadly for malware in the future.

Ever long for the good old days when all viruses did was stomp on the FAT table of your hard drive?

Recently, McAfee’s Avert Labs encountered a new type of password stealer that uses Voice over Internet Protocol (VoIP) telephony provider Skype’s network to propagate. There is no vulnerability in the Skype service itself, the Trojan just uses the Skype network to move about, according to David Marcus, security research and communications manager at McAfee’s Avert Labs.

The Trojan, called PWS-JO by McAfee, Downloader by Symantec and Win32/Scypex.A by Microsoft, is considered low risk, as there are very few instances of it being found and all of the major antivirus programs will detect it. What it reflects, Marcus said, is that virus distribution has moved beyond just e-mail and Web links to a new network, in this case, VoIP.

Password stealing Trojan viruses grew by 240 percent this year, making them the largest genre of malware along with Botnets, according to an Avert Labs blog posting.[more]

Tags: Malware