Skype Ltd. again warned users of its software that malicious code targeting the voice-over-IP (VoIP) and instant messaging service was on the prowl, the second such alert in the past five weeks.
A Trojan horse posing as a Skype add-on is stealing log-on credentials, the company's online spokesman, Villu Arak, said yesterday in a blog posting. Calling itself Skype Defender, the malware installs if users download and run the executable SkypeDefenderSetup.exe, then launches to display a mock Skype interface complete with username and password fields. Entering valid information, however, only results in the bogus application claiming, "Your Skype name and password were not recognized. Please check and try again." By that time, the log-on information, usernames and passwords remembered by Internet Explorer have been snatched and sent to the attacker.