Gutsy Gibbon Slays Skype Hype!

Filed Under: SophosLabs

Ubuntu, Skype. What do these names have in common?

Newsworthiness. When there is any press about either, the article tends to float to the top of news aggregators and social bookmarking sites, even when the content is not necessarily newsworthy at all.

Let's take Ubuntu first, the Linux-based operating system that has received much attention recently, thanks in part to the support it receives from Canonical. Personally, I love it, and use it on machines at work and home. Why have I included it here? Well, today is an important day for Ubuntu - it sees the release of the latest version (7.10, aka 'Gutsy Gibbon'). Consumers of IT and social bookmarking feeds will be well aware of this, in part due to the fact that any Ubuntu-related news article seems to float to the top of social bookmarking feeds. Do the articles warrant this attention? For the most part, no. Many are repetitive and include little novel content. This is not to detract from Ubuntu itself, which has proven itself to be a very popular and successful operating system.

And will the latest release, complete with its '3D desktop magic' have a major impact in the market? Probably not. More likely it will just continue what previous releases have done - helping to gradually increase the market share of Ubuntu (and Linux in general). Despite recent reports from Dell [1,2] of an increase in sales of Linux (for servers, not PCs), they still only represent 1% of orders [3]. Though significant in its own way, particularly if uptake of Linux is outstripping Windows at the server level, we should not expect this to have any noticeable impact upon malware in the short term.

And so, on to Skype, popular software for users to make calls over the internet. Yesterday, we came across a piece of malware that attempts to harvest a user's Skype credentials by displaying a fake login window [4]. It also attempts to steal other credentials that may be stored on the victim machine. A major threat to customers? No. A threat of any real note? No, not really. But the simple fact that Skype was targeted ensures press on this single piece of malware. Aside from just my opinion, let's try to put this single piece of malware in perspective. On the day when this Trojan surfaced:

  • we published detection for almost 2,500 threats, several of which were behavioral genotype detections (covering many separate variants)
  • our automation systems processed 87 samples suspected to be banking malware
  • thousands of phishing emails targeting 37 financial institutions were blocked
  • hundreds of malicious websites hosting exploit code to install various data-stealing Trojans were identified

So, in the grand scheme of things, this Skype Trojan is fairly insignificant, and not worthy of news coverage. The problem is, when malware such as this receives press, people get the impression it is important, and presents a significant risk. And so, to allay the inevitable customer questions, a round of 'Keeping up with the Joneses' [5] press ensues, and the malware receives even more attention.

It would seem the name 'Skype' does for malware what 'Ubuntu' does for operating systems, making it hard sometimes to keep things in perspective!

You might like

About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.