Websense Security Labs has had reports of a new worm that uses Skype to propagate. We are still investigating the issue but here are the details so far: * users receive messages via Skype Chat to download and run a file * the filename is called sp.exe * assuming the file is run it appears to drop and run a password stealing Trojan Horse * the file also appears to run another set of code that uses Skype to propagate the original file * the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer) * the file connects to a remote server for additional code * the original site has been black holed and is not serving the code anymore * the number of victims is still TBD * the original infections appear to be in APAC region (Korea in particular) More: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=716
