A Trojan passing itself off as the Skype voice-over-Internet (VoIP) client is making the rounds, security firm MessageLabs warned Monday.
The IRCbot variant is spammed via e-mail, with the attached file payload disguised as the newest release of Skype, version 1.4, said MessageLabs. Skype Technologies released the 1.4 client at the end of September.
"For further details see the attached document," read the e-mail after an opening spiel touting Skype's features.
Users who launch the attached file see a fake dialog box on their screens; the dialog displays a phony installation error. In fact, the Trojan is installing itself, shutting down access to Windows Update, and connecting to an IRC server for further instructions from its handler.
"This is the first case that we've seen that specifically mentions Skype," said Maksym Schipka, a senior anti-virus researcher at MessageLabs, in a statement. "It's another example of how malware writers are quickly exploiting new releases of popular software applications in order to spread their malicious payloads."