Warezov worm spreading through Skype

This is a prime example of one of my chief complaints about Skype: it presents a back door into your network that can’t be monitored. A Warezov worm variant is spreading through the Skype network, posing as a legitimate Skype IM that prompts users to click on a link to download the payload.

Granted, you can snipe the HTTP GET and you can snipe the inbound payload, but it’s far more efficient to block the inbound message in the first place, which you can’t do because Skype’s traffic is encrypted, effectively defeating any IPS on the planet.

For that reason, this is a very good argument for solid endpoint security: AV + patch management + HIPS, etc.
