CA warned all users about the new worm and trojan (trojan horse) for Skype program.

CA Turkey Solution Partners Manager Taylan Dedeoğlu, nowadays Skype is over VoIP/IM network. there has been quite a bit of confusion about a spreading worm; He emphasized that this worm named sp.exe steals passwords and sends itself over Skype to download malicious programs to the systems:

“The confusion seems to be between two unrelated malicious software. One of them is a worm that spreads over Skype to send plain text messages containing URLs.. The other is a phishing Trojan, a Trojan horse that is apparently sent unsolicitedly to Skype users.

The Skype worm named Win32/Chatosky.A is nothing new; We came across an example in October.. This worm uses the Skype client if installed to send a message containing a URL, possibly containing a copy of the worm, to other Skype users. We have no evidence that this worm is spreading. Moreover, the URL it sent is no longer available, making it pretty harmless.

The Trojan horse Win32/Skiks.A is new.. Research shows that it is distributed over Skype with the file named “sp.exe”. Based on our initial investigations, someone may have unintentionally manually sent a URL address for this sp.exe file to Skype users.. But the Trojan horse does not dismantle itself. Skiks.A records keys pressed from the keyboard and tries to connect to nsdf.no-ip.biz, trying to steal passwords, credit card numbers and any other sensitive information that users enter from their systems.”

Skiks.A’s, Dedeoğlu stated that after connecting to the nsdf.no-ip.biz address, he immediately tried to get additional codes and then run these codes; He concludes by stating that if the domain exists for a while, there may also be commands for deploying the Trojan over Skype, since all kinds of code might be hosted there.