Malware VoIP Attack Roundup—Skype and Callcentric
Plain old telephone service (POTS) is basic, old (it has been around since the late 19th century), and painfully low-tech compared to the broadband communications services available today. Still, POTS has one redeeming feature: reliability, specifically the "five nines" reliability standard, which means a dial tone is available 99.999% of the time.
Recently, two of the most well-known VoIP providers—Skype and Callcentric—acknowledged problems with their service.
Skype: "lol is this your new profile pic?"
The following update was posted on the Skype blog: “We have received reports of some malicious activity targeting a small number of Skype users with an instant message and link that says, ‘lol is this your new profile pic?’”
Sophos' Naked Security blog reports:
Clicking on the suspicious links leads to the download of a ZIP file (variously called skype_06102012_image.zip or skype_08102012_image.zip) that contains executable files detected by Sophos anti-virus products as Troj/Agent-YCW or Troj/Agent-YDC. The Trojan horse opens a backdoor, allowing a remote hacker to take control of infected PCs, communicating with a remote server via HTTP. Before you know it, your computer has been recruited into a botnet (the malware is a variant of the Dorkbot worm) and could fall victim to a ransomware attack.
Skype recommends downloading the latest version of Skype from skype.com, keeping your PC or device security up-to-date with the latest anti-virus software, and refraining from clicking on suspicious files and links.
Callcentric: Distributed Denial-of-Service (DDoS)
In the first outage that we can remember, the official Callcentric Twitter account reported on October 5: “We were the subject of a sophisticated DDoS attack. Now working on informing clients.” The company referred anxious clients to a Help Net Security report on DDoS attacks recently launched using the so-called itsoknoproblembro DDoS toolkit. Callcentric later tweeted, “It is indeed a major outage situation and the biggest one we've had since we started.”
The company is working to resolve issues and will file a report with the FBI. Users still experiencing problems are urged to submit support tickets.