The week that Skype has announced its big deal with MySpace, the world's largest social network, it has been hit by a major Trojan virus, the second in just over a month.
Researchers at McAfee have found the Trojan PWS-Pykse, which advertises itself to users as "Skype Defender". It works by tricking users into executing the malware.
The "Skype Defender" Trojan is classified as an infostealer, according to Skype Security. It appears as a plug-in confirmation window, saying "Skype-Defender(TM) Installed! Please login to your account to apply new plugins".
If users click "OK", it beings up what looks like the Skype login screen, although apparently the button design is slightly different.
If a user enters their name and password, they are informed that they have not been recognised, but the malware has collected them by that point – along with all their other usernames and passwords stored in Internet Explorer.
Skype has issued information about the problem: "To remove the malware, please update your anti-virus software. At this time, we have notified F-Secure, TrendMicro, Symantec, WebSense, and FaceTime Security Labs. For manual removal it is enough to delete the 65404-SkypeDefenderSetup.exe file."
This is in stark contrast to the bold claims on Skype's website, that states that "Skype is free of Adware, Spyware and Malware" and goes on to boast: "We will not display unwanted and intrusive advertising, or allow any malware or spyware to operate".