Malware found in Skype's video-sharing feature on its instant messaging client has been causing more problems than initially thought possible. Not only can the unauthorized software run on a Skype user's PC, but it is in fact wormable, as it can be shared by clicking on a link from the IM client, or on a website. We first covered it here.
[img src="" caption="" credit="" alt=""]As Skype allows users to share content from Dailymotion and Metacafe, the worm can actually be spread to these two video-sharing sites, and subsequently across the web. Security problems have been confirmed for Skype 3.5 and 2.6 in specific regards to Dailymotion, but users were still able to share videos using Metacafe.
Initially mentioned by security researcher Aviv Raff, it appears that the problem stems from Skype's use of Internet Explorer's local security zone settings instead of using IE's "Internet Zone" security setting. A cross-site scripting flaw between Skype and Metacafe actually enables JavaScript to run on the video-sharing site, which could spread the malware onto other users' computers. As the malware is indeed serious enough to be spread through Skype and onto DailyMotion and MetaCafe's video-sharing sites, Skype has decided to shut down the entire video-sharing option on its IM client until the problem is resolved. According to Infoworld, Skype has said that it's working on fixing the issue, and plans to bring back video-sharing tools as soon as possible.