There has recently been considerable alarm about the possibility of a malicious code spreading via Skype. Skype is a system that allows voice communication over established Internet connections, in an environment very similar to that of telephone calls. It even allows calls to be made to telephones from a computer, with lower tariffs than that of a normal call. The real problem that a malicious code for Voice over IP (VoIP) would suppose is that it opens a whole new field for hackers to create new types of malware. Initially, one might think of malicious code that uses VoIP in order to propagate, as was the case with the Trojan mentioned at the beginning. In reality, this represents nothing more than finding a new communication channel.

New? No! There are already many worms that spread using numerous instant messaging systems. So this Trojan has not really done anything that hasn't been going on for many years now. The problem lies in using the full characteristics of VoIP in order to spread malicious code. Imagine a dataflow across an audio channel (perhaps at a frequency that is not audible to humans) that could crash the voice system, causing a denial of service. Or that this dataflow could be used to create a system status that would allow execution of malicious code. This would be something genuinely new with respect to propagation of code, unlike other hundreds of codes that use messaging systems simply to propagate. But this is nothing more than speculation.

The link for this article located at IT Observer is no longer available.