A worm that drops a password-stealing Trojan horse on a user's computer is circulating via Skype, the popular voice over internet protocol (VoIP) application, security vendor Websense said.
Computer security analysts are studying reports of a worm that may be circulating via a feature in Skype's popular voice over Internet protocol (VoIP) service.
Security vendor Websense said the worm spreads through Skype's chat feature. Users receive a message asking them to download a file called "sp.exe." The executable is a Trojan horse that can steal passwords. If a user runs the Trojan it triggers another set of code to spread itself.
The first infected PCs appeared in the Asia-Pacific region, particularly in Korea, Websense reported on its blog on Tuesday. It said it was still investigating the issue.
Not all security experts were in agreement, however. F-Secure received a sample of the worm and determined that it did not, in fact, target Skype, said Mikko Hypponen, chief research officer. "What's clear is, there's no massive worm outbreak with Skype at the moment," Hypponen said. "We are following the situation."
The SANS Internet Storm Centre said it was "hearing some details of a new worm spreading via Skype IM" and asked for more information in a posting on its site.
Websense said the executable appears to be encrypted with NTKrnl Secure Suite Packer, a polymorphic encryption program that makes files look unique to different detection engines. The original site that hosted the code is not serving it any more, Websense said.