Sophos has reminded companies of the potential impact of VoIP and instant messaging (IM) applications on enterprise networks following the discovery of a worm that spreads via Skype's IM chat system.
The Pykse-A worm spreads via Skype instant messages, posing as a link to a photograph of a young model called Sandra. Clicking on the link does display an image of a scantily clad model wearing stiletto heeled shoes, but only after infecting the PC with a downloader Trojan which then installs the worm.
Once up and running, the Pykse worm attempts to connect to a number of remote websites, presumably in an attempt to generate advertising revenue for them by increasing their number of 'hits'. "This is another example of the methods used by malware authors to attempt to make money,” says Brett Myroff, CEO of master Sophos distributor, NetXactics
“With an ever increasing wave of malicious attacks, companies need to ensure that they not only have secure defences in place, but are also enforcing policies to control what programs their users run and which websites they visit."
Sophos notes that there have been a number of worms which have spread via Skype instant messaging in the past, however none of them have been particularly widespread compared to other major outbreaks of malware.
“Since last year, Sophos anti-virus products have been capable of policing which users in a business are allowed to run VoIP programs (including Skype) through Sophos Application Control. With regards to VoIP, this not only combats virus risks but also avoids bandwidth being eaten up by unauthorised communications,” says Myroff.
A poll conducted by Sophos last year found that 86.1% of system administrators who expressed an opinion wanted the power to control use of VoIP in their companies, with 62.8% saying blocking was essential.
The fact that Skype also contains an instant messaging component also raises concerns for system administrators, as it is potentially an avenue for data leakage as well as malware infestation. More and more companies are setting a policy as to what instant messaging client is to be used in the business, and whether it can be used for communicating with the outside world.
"Having security and control measures in place can help prevent attacks like the Pykse worm,” Myroff adds.