With VoIP targeted attacks on the rise, its not surprise that Skype is an appealing target.  That being said, Skype recently warned its users of a new password-stealing Trojan making its way around.  What it does is launch a ficticious Skype interface and asks for your username and password.  Unsuspecting users will enter their information and upon clicking a submit button, they will be prompted with an error.  At that point, it’s game over; your username and password have already been sent to the malware developer.  Having said that, if you ever receive a file titled SkypeDefenderSetup.exe, just send that baby right to your Recycling Bin.

Skype Ltd. again warned users of its software that malicious code targeting the voice-over-IP (VoIP) and instant messaging service was on the prowl, the second such alert in the past five weeks.

A Trojan horse posing as a Skype add-on is stealing log-on credentials, the company’s online spokesman, Villu Arak, said yesterday in a blog posting. Calling itself Skype Defender, the malware installs if users download and run the executable SkypeDefenderSetup.exe, then launches to display a mock Skype interface complete with username and password fields. Entering valid information, however, only results in the bogus application claiming, “Your Skype name and password were not recognized. Please check and try again.”

By that time, the log-on information, usernames and passwords remembered by Internet Explorer have been snatched and sent to the attacker.[more]

Tags: Malware