Attackers get chatty on VoIP

The recent spate of malware attacks propagating throughout the user base of the Skype Internet calling system illustrates a broader trend toward cyber-criminals moving to take advantage of VoIP platforms as they become increasingly popular.

Security researchers tracking the latest pack of worm viruses to wriggle their way through the Skype community's chat system said that the threats are nearly identical to attacks that have plagued users of other publicly-available messaging applications for years.

However, as Skype and other VoIP systems become even more widespread and greater numbers of businesses move to adopt the technologies, experts predict that cyber-criminals will ratchet-up the severity and diversity of the attacks they aim at users of the software.

In mid-May, London-based Skype -- which is owned by eBay -- launched a series of trials of new enterprise features that it hopes will encourage larger numbers of businesses to consider use of its publicly-available VoIP applications.

The potential to use such programs to infiltrate business networks and carry out attacks will drive malware code writers and other schemers to similarly increase their focus on VoIP platforms, researchers said.

On May 24, Chris Boyd, a researcher at FaceTime Communications -- which established a partnership to provide security applications to Skype in Feb. 2007 -- noticed a new variant of the so-called Skype worm that has been spreading through the VoIP client's messaging system for the last several months.

Unlike previous versions of the threat that merely passed themselves along to other Skype users via their contact lists, the new variant will also "jump" to other more established networks, including the ICQ and MSN messenger platforms.

The development illustrates not only that attacks aimed at users of VoIP networks are escalating and becoming more sophisticated, but also that they are being pulled into use by the smartest and most aggressive cyber-criminals looking for new revenue streams, Boyd said.

"There are a lot of businesses picking up Skype in the workplace, and it's a good bet that if they have Skype on there, they have other IM clients. The attackers are really trying to hit as many people as possible in a random manner, but this is the first instance we've seen of an attempt to get a foot in the door of other networks using Skype," Boyd said.

While the attack merely passes itself along to contacts listed in the messaging accounts of affected users, versus dropping malware onto their computers, it does attempt to lure people into clicking on links that point to a range of virus-infecting Web sites.

Boyd said that several of the involved URLs have been used in previous attacks on Skype users, including a handful of sites registered through Chinese hosting companies.

The researcher believes that the endgame of the hackers behind the threat is to steal valuable data from infected users and pass it back to themselves over Skype's encrypted messaging system. Boyd said that there is also growing evidence of attackers building proof-of-concept botnet threats aimed specifically at Skype users.