Dec. 26 message to Skype's VoIP software, as represented fairly easy to use - hackers attack other people may think so.
According to Hong Kong and Taiwan media reported last week, well-known Internet voice (VoIP) software Skype network security threats outgoing message. Issued the first warning of Websense that a worm through the Skype Chat feature, Skype users to send requests to download an executable file of the message, if the other party will be established after the implementation of spyware, not only to steal user information, but also to connect an external Host download other malicious programs.
Websense will be followed by the revised Trojans. The CA then issued a circular claim that there is at the same time called Win32/Chatosky.A of worms, and Trojan horses Win32/Skiks.A, two unrelated malicious programs, are not the same time the first time. The former includes not successfully connect the external URL, which will record keystrokes (keystroke) order to steal passwords, credit card numbers and other confidential information.
Including Web senese, CA or Symantec have caused disaster for the program slightly, spreading area is not classified as low risk. Regularly updated anti-virus programs as long as the user is not caused by an impact. But on the other hand, it also confirmed the safety briefing earlier this year, security companies and consultants predict.
In March this year, international research organizations, Communication Research Network security warning, as Skype, Vonage and other VoIP software uses proprietary communication protocol, and transmit the content is encrypted, the outside world can not monitor the content of transmission, computer users may be implanted Skype puppet program become a puppet of the network (botnet) of an army.
Between June, Gartner also released a Skype security threat related to the report, pointed out that Skype has a security threat, the proposed business must first be completed before opening up Skype's risk assessment.
"You could say the nightmare will soon come true," CA security technology consultant Linhong Jia said.
More than Skype
Including several species, including Skype for free VoIP / IM software, thanks to universal and communication networks, thanks to technological advances, have become widely welcomed by Internet users to replace the words of the communications software market. Skype, the most famous example, over 700 million customers worldwide.
Currently Google, AOL, Yahoo, MSN and other major companies in the well-known real-time communication (Instant Messenging, IM) software, also have VoIP capabilities.
Although very comfortable to use, but because of this, such as to channel technology (tunneling) transfer the software-based attacks may be reduced to a tool, security experts said.
First of all, compared to traditional mail or Web traffic, VoIP voice message transmission control more difficult. Voice spam (spam over internet telephony, SPIT), like the future may also present as spam clogging voicemail.
Fortinet security experts predict, VoIP is difficult to trace the location and identity of the caller, may be caring people, it allows troubled many intellectuals and even the elderly fraud call spread to the network.
Sight
Apart from the security concerns than predictive, a more difficult defensive security threat may be in sight.
Trend Micro Chief Technology Officer should be reached in a previous visit to the king that, as the artificial intelligence technology, there is now a malicious code can even impersonate users of IM software, mailing list of "contacts", and a simple user dialogue, to induce the use He who is not suspected, according to the message sent or received messages at point of entry.
Lin Hongjia channel is directed at VoIP, technology software threats. Anti-virus, intrusion detection tools such as the popularity of network defense, forcing the behavior of malicious programs towards low-key and precise, regional changes in the attack, he said, VoIP to ensure that the contents of secret communications, but also to the monitoring of the chance to escape malicious program and the victim less, more deep samples collected - and the antidote to produce anti-virus - more difficult.
Skype last week's attack process has demonstrated characteristics of the new network attacks. He said, with a few improvements, such as the file that contains malicious code is not fixed, or secretly implants without the user receives, triggering the disaster would be disastrous.
CA has issued a notification to major corporate customers, require customers to pay attention to the risks from Skype.
VoIP software "easy to use, difficult to control, block less than a small sample size," he said, "hackers as long as enough creativity to be a put down to several millions of users is not impossible."