Tech Talk

[Skype vuln - update available]

FYI...

Skype vuln - update available
- http://secunia.com/advisories/38908/
Release Date: 2010-03-11
Criticality level: Moderately critical
Impact:   Security Bypass, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Skype 4.x ...
Solution: Update to version 4.2.0.1.55 (v4.2 hotfix #1)...
Skype Release notes:
https://developer.skype.com/WindowsSkype/ReleaseNotes ...
4.2
10.03.2010 Skype 4.2.0.155 for Windows

- http://isc.sans.org/diary.html?storyid=8407
Last Updated: 2010-03-11 18:28:34 UTC - "Skype IMBot... This is a fairly new vector... other IM based malware using skype IM so it’s not brand new but not too common yet either. The malware detects many Reverse Engineering applications and attempts to make the system unbootable if any type of RE is detected. It uses a new (novel) method to hide its processes/files. It scans local networks for 445 probably to exploit one of the many Microsoft vulnerabilities that can be exploited via that service. It uses "conficker like" encryption. It had logic to "infect" usb drives..."
- http://isc.sans.org/diary.html?storyid=8413
Last Updated: 2010-03-11 22:40:20 UTC - "SKYPE SPIM... social engineering attempt to get the recipient to load scareware or fakeAV... some java that is intended to simulate an antivirus scan. The scan is free of course. Everyone that gets "scanned" by this junk is infected. Getting cleaned of your viruses costs since you have to buy the commercial version to "clean" your infection..."

Skype SPIM (Instant Messaging SPAM)
- http://www.m86security.com/labs/i/Skype-SPIM-Instant-Messaging-Spam--,trace.1289~.asp
March 26, 2010 - With over 520 million users, Skype is the most popular VoIP (Voice over IP) application available today. It provides a great service, allowing families, friends and colleagues to connect to one another through voice and video chat across the globe. However, being so popular doesn’t come without a price. The price that is paid is in the form of Skype SPIM (Instant Message Spam). These messages are pushed out to a large percentage of Skype users on a regular basis. The SPIM messages can range from the common pharmaceutical product spam, to fake OEM software, investment scams, replica bags and watches, and adult dating site spam..."

(More detail and screenshots at the URL above.)

 

[Skype for Mac vuln - update available]

FYI...

Skype for Mac vuln - update available
- http://secunia.com/advisories/44522/
Release Date: 2011-05-09
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 5.1.0.922.
Original Advisory: Skype:
http://blogs.skype.com/security/2011/05/security_vulnerability_in_mac.html

- http://www.securitytracker.com/id/1025511
May 10 2011

 

[Skype v5.8.0.154 released]

FYI...

Skype v5.8.0.154 released
- https://secunia.com/advisories/47856/
Release Date: 2012-02-03
Criticality level: Moderately critical
Where: From remote...
... vulnerability is reported in versions -prior- to 5.8.0.154.
Solution: Update to version 5.8.0.154.

- http://www.skype.com/intl/en-us/support/user-guides/

 

[Skype - pwd reset vuln]

FYI...

Skype - pwd reset vuln...
- http://heartbeat.skype.com/2012/11/security_issue.html
Nov 14, 2012 - "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
___

- http://h-online.com/-1749720
14 Nov 2012

- http://www.theregister.co.uk/2012/11/14/skype_fixes_hijack_bug/
14 Nov 2012

 

[Skype v6.3.0.105 released]

FYI...

Skype v6.3.0.105 released
- https://secunia.com/advisories/52867/
Release Date: 2013-04-02
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in versions prior to 6.3.0.105.
Solution: Update to version 6.3.0.105.
Original Advisory: http://blogs.skype.com/2013/03/14/skype-6-3-for-windows/
___

Skypemageddon by bitcoining
- https://www.securelist.com/en/blog/208194210/Skypemageddon_by_bitcoining
April 04 2013 - "... malware connects to its C2 server located in Germany... 213.165.68.138
- https://www.virustotal.com/en/file/411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037/analysis/
File name: skype-img-04_04-2013-exe.exe
Detection ratio: 32/46
Analysis date:    2013-04-08