On October 12th, 2009, Skype released an updated version (4.1.0.179) of their popular VoIP client, which fixed an unspecified vulnerability in EasyBits Extras Manager, their plug-in component for Skype. The EasyBits software is intended to protect commercial software, such as plug-ins, from illegal redistribution or unlicensed use.
Given the popularity of Skype, it is no surprise that cybercriminals are finding ways to target the users of the application. In this case, the cybercriminals have enough fodder available to them in the form of a potential vulnerability in the application itself. Vulnerability disclosures are one of the most common starting points from which cybercriminals craft their exploits, including those seen in exploit kits. In this scenario, our Security Labs team has identified a working exploit in the wild that targets this vulnerability.

Figure 1: Skype exploit code found in the wild.
As illustrated in Figure 1, the malicious code exploits a Skype ActiveX vulnerability and uses primitive obfuscation techniques to bypass antivirus security solutions. We can confirm this exploit code works successfully against vulnerable Skype installations. Testing this exploit page with VirusTotal produced the dismal results shown in Figure 2.
Figure 2: VirusTotal results page.
It is interesting to note that within Skype's own release notes for the security vulnerability, they provide a recommendation to their users to "use virus protection services in case of any problems."
Unfortunately for those users, the virus protection would have failed. However, the core issue here is not the antivirus solution's ability to mitigate this threat, but the fact that the update process remains problematic for many companies. Many users continue to run outdated applications for months, even years, and these old versions continue to be exploited by cybercriminals. Even with the disclosure and security fixes provided by application developers, cybercriminals know that most users rarely update, making it not only easy but beneficial to monitor sites that post disclosures and proof-of-concept code.
Ask yourself: Do you know what version of Skype you're running?