eBay says Skype was not attacked

The recent outages the VoIP service has suffered are due to an algorithm problem, not an alleged denial-of-service code posted by Russian hackers

Skype has not been attacked, eBay said Friday, dispelling rumors that Russian hackers took down its popular online telephony service.

For more than a day now, millions of Skype users have been knocked offline by a major service outage that has crippled the service. By Friday morning, things had improved for some users, but many were still unable to connect.

eBay attributes the outage to a problem in a Skype networking algorithm, but code has been posted to a Russian security discussion forum that could supposedly be used to knock the service offline in a DOS (denial of service) attack.

The code, which was published anonymously, appears to be capable of forcing Skype's servers to freeze up, said the discussion forum site's editor, Valery Marchuk, in a posting to the Full Disclosure security discussion list. "Reportedly, it must have caused Skype massive disconnections," he wrote.

Not necessarily so, say researchers who looked at the code Friday.

The code is designed to repeatedly launch Skype and overwhelm the server with information, said Andrew Storms, director of security operations with nCircle Network Security. "But I couldn't say if it would have this kind of potential DOS effect on all of Skype," he said.

The code simply would not work as advertised, said Stefano Zanero, CTO with Secure Network SRL. "The attack code is fake, no doubt on that," he said. "I don't think this is the cause of whatever is happening to Skype."

eBay's Villu Arak addressed the issue directly in a Friday blog post, saying that neither hackers nor a recent technology update were to blame.

"Neither Wednesday's planned maintenance of our Web-based payment services nor any form of attack was related to the current sign-on issues in any way," he wrote.