It seems that the bad guys have Skype users firmly ion their sights. Hot on the heels of the Dorkbot ramsomware worm spreading via Skype messages comes voicemail spam that contains links that push malware onto unwitting Skype users.
Chris Boyd, Senior Threat Researcher at security firm GFI Software describes the threat. Over on the GFI Labs blog he posts an example of the spam message, which he describes as looking "pretty authentic".
The hyperlinks in the message take users to download the Blackhole exploit kit, which is then used to install the Zeus Trojan horse onto PCs. Once that happens, they are under the control of the bad guys.
It's not just Skype spam that you have to wary of either. According to Boyd "there’s a fair amount of spam targeting users with exploits right now and it covers a wide range of subjects from payroll notifications and Craigslist adverts to UPS invoices and American Express payment receipts".
Neither Blackhole or Zeus are new malware (although the authors of Blackhole do use complex tricks to try to get past security software), so any good, up-to-date antivirus program -- such as the free Microsoft Security Essentials tool -- will be able to detect, prevent installation, and even remove these nasties.
Another tip to keep your system Blackhole free is to make sure that your browser and all browser plugins are up-to-date, and that you have installed all updates for your operating system -- both Windows and OS X. Blackhole relies on vulnerabilities in software to get a foothold into systems, so the easiest ways to defend against it is to make sure updates are installed in a timely fashion.
