A Skype flaw patched some 9 months ago with the new version (220.127.116.11) of the VoIP client has been spotted being exploited in the wild.
According to M86 Security Labs, the vulnerability has been discovered in the EasyBits Extras Manager, a plug-in component for Skype, and for all those people who haven’t updated their client, this presents a gaping hole in their security perimeter.
With the above code, the attackers are able to exploit the vulnerability to download malware onto the user’s system and bypass the great majority of antivirus solutions.
Bradley Anstis, VP of Technology for M86 Security, says that there is no evidence that the campaign is a massive one, but it definitely underlines that updating software is of crucial importance.
Dancho Danchev points out that Skype is well known for having a glitch that prevents users from updating the client using the “Check for updates” feature. If they want to use the new version, they are forced to download it and install it themselves, which makes the updating process inconvenient and leads users to stick with the old version.