Skype worm jumps to ICQ, MSN

A new variant of the Stration worm, which has been plaguing Windows users for the past year, has made the jump from Skype to the ICQ and MSN Messenger networks.

This latest variant popped up earlier this week, according to Chris Boyd, a researcher at FaceTime Communications, who blogs under the pseudonym "Paperghost."

"They're using Skype as a jump off into other more established networks," Boyd said. "The infection will go looking for other instant messaging clients that are on the PC and then attempt to send the infection message that it initially sends through Skype through these other chat systems."

For a computer to be infected, a user must first click on a link and then agree to download an executable file. In one sample provided by Boyd, the malicious link is listed below the instant message, "Check this out. Give me your opinion."

Once installed, the worm will gradually start to send out messages to the victim's contacts, Boyd said.

Instant message worms have spread from network-to-network in the past, but this is the first time Boyd has seen a worm jump from Skype to another network.

"It's an odd system to make, because these guys have a foot in the door [in the Skype network]," he said. "You think they'd focus all their energies onto exploiting Skype."

Stration is not widespread and is considered to be a low-risk infection, but it has been a tough worm to fight for some security vendors. Over the past year it has morphed into hundreds of variants, and antivirus companies have been having a hard time keeping track of its many iterations.

Stration has also been called "Warezov" and "Stratio."

Nobody knows who is behind the worm, but the domains that host the malicious code are registered through a Chinese Internet company, Boyd said.