Skype error paved the way for hackers to attack

Skype users are facing the risk of being targeted by hackers after a new fatal security error in this Internet-based calling software is officially made public.

Security researcher Aviv Raff said Wednesday that the error stems from Skype's use of Internet Explorer to reproduce HTML content. The software does not use any security control solution in implementing the content reproduction process. Hackers can fully take advantage of this vulnerability to operate or install malware on a user's PC.

But in order to be able to organize attacks, hackers must first find a reputable website with a fairly programmable error - XSS error (cross-site scripting). XSS errors are the basis for hackers to trick Skype into operating their malicious code. In this case Skype will mistakenly assume that the source code is downloaded from a reputable website.

In the video showing how the exploit method was posted on the personal blog site, expert Raff successfully took advantage of the XSS error on Dailymotion.com website and Skype's 'Add video to chat' feature to control and launch. Activate the Windows Calculator app.

' Clicking on the' Add video to chat 'button users will be directed to the DailyMotion website but at the same time the attacker will be able to do a lot of things that are harmful to their PC ,' security research expert Petko Petkov said. ' This is a very dangerous form of attack because it doesn't need much user intervention .'

The latest version Skype 3.6.0.244 is confirmed with the above error. But expert Raff warns that older versions of Skype may also make mistakes. ' Until Skype fully fixes this error, I recommend that users should not use the app's' add video to chat 'feature .'

Skype's representative declined to comment on the above information.