Internet security company Websense Inc. on Tuesday said it had found a password-stealing computer virus that spreads through the popular Skype voice-over-internet protocol (VoIP) communications software.
The Trojan horse sends a messagethrough the Skype Chat text-based instant messaging tool and asksthe recipientto download afile namedsp.exe. If a user complies, the virus downloads Skype programming code and new versions of itself from the internet and tries to steal passwords, Websense's security alert said.
A Trojan horse is a program that appears to perform one function in order to hide a malicious one. Like the mythological Trojan horse such programs are named after, the deception tricks people into granting them access.
But the risk posed by the Trojan does not stem from any security flaw in Skype, Websense said, noting that the VoIP program properly forces any attempts to gain access to it to be authorized by the user.
"There is no vulnerability in Skype at this time that has been uncovered," Websense's security alert said.
Websense said the sites that the Trojan uses to download the Skype code and new versions of itself were offline on Tuesday.
The security firm first reported the threat on its security blog on Monday but mistook the Trojan for a worm. A worm is a type of virus that copies and spreads itself.
The initial infections appeared to be in the Asia-Pacific region, particularly in South Korea, Websense said.
At the end of September, Skype had 136 million registered users around the world.