News
Skype Spam Delivers Trojan - expert comment
May 2016 by Simon Crosby, CTO and co-founder at endpoint security firm, Bromium
Users of Skype are being warned of a spam campaign that attempts to install malicious code on their systems. These spam messages looks as though they have come from someone the user knows, but actually reads data from the infected system and links it to a Botnet, allowing the attackers to control it. Skype has said it’s not been able to get in touch with the owners of the compromised web server used in the attack, which means that the campaign is still affecting users.
Commenting on this, Simon Crosby, CTO and co-founder at Bromium said: "Creating a malicious website isn’t enough - you have to generate traffic to it. This is just one of a number of inventive methods that attackers will use to get more hits. No matter whether the user chances upon a malicious website, or clicks something that takes them there, the browsing must be isolated. Allowing un-isolated browsing on corporate systems is a losing game. Any application that can deliver media, files or executables to an endpoint from untrusted parties should be regarded as a vector of attack. The only safe way that such applications should be allowed to run on enterprise endpoints is in the presence of technology that will hardware-isolate the execution of any untrusted content, ensuring that if malware is delivered from the application it cannot make any changes to the system, access enterprise networks or data, and attack enterprise sites."
