Skype and iTunes Not Impervious to Worms

  • Posted on
  • by

According to recent reports, pernicious code is being spread through an instant message syntax that sends a message to Skype users directing them to click on what appears to be a .jpg file. When the user takes the bait, it unleashes a worm (W32.Pykspa.D - a nasty bitmap file of soap bubbles contained in the Windows installation directory). Many IT professionals and analyst firms such as Gartner Group do not recommend enterprise users install or use Skype. However, surveys have indicated a high percentage of professional workers regularly download and install applications such as Skype onto their corporate laptops and PCs. With 200 million users, hackers cannot resist the installed base of Skype users. Even though these events set back the image of Skype, Skype still makes headway - note the recent announcement that Wal-Mart has agreed to sell Skype's service.


Then there's Apple with a year-old QuickTime vulnerability that affects Firefox and iTunes. Petko Petkov (aka pdp) posted proof-of-concept code showing how QT formats can be used to hijack systems. Firefox recommends installing NoScript, a Firefox extension to protect. However, most users run software in default mode without knowledge of what to turn on or off that protects against malicious code. How often have you been browsing for WiFi access points only to find some SSID named 'linksys' with no security whatsoever? We have been accustomed to living with these sorts of threats, just look at how large the anti-virus and intrusion detection software has grown over the years.