Jeff Duntemann's Contrapositive Diary Rotating Header Image

May 30th, 2011:

Skype and EasyBits: Mistake or Attack?

After a strange reluctance to jump on the issue, the major news outlets have begun covering the excitement of this past Saturday morning, when untold numbers of Skype users suddenly found new software installed on their Windows PCs, without so much as a notification or request for permission from Skype. Skype has been almost silent on the issue, as has the firm that originated the software in question, EasyBits GO. EasyBits is not obviously malware, but there were some weird EasyBits/Skype connections with malware last year, and Saturday’s install certainly acted like malware. So was it a mistake? Or was it an attack? The greatest weirdness of all is that we still don’t know.

My take? It looks like a mistake. It smells like an attack.

I set up an old XP machine with Skype on it Saturday afternoon, and left Skype running in a window. It’s still running as I write, and there’s no trace of the EasyBits installer. I thought the fact that it was still at SP2 might have made a difference, but I’ve heard from people who got the install on SP2 machines. This suggests that Skype immediately stopped pushing installs once the crap started to fly online, which further suggests that Skype was in control and that it was a mistake rather than an attack.

There’s a tendency to love a great story, and we have to be careful not to read more into things than reality warrants. I’m an SF writer, and the futures I’ve tried to predict (as have many other, far more notable SF writers than I) have turned out to be a lot more dramatic and colorful than the future that actually worked itself out over the years. We underestimated small things (computers) and way overestimated big things, like space travel and (yes indeedy!) flying cars.

Here’s an example of wearing your SF hat too much: Some years back, I was predicting that malware authors would create trojans that very quietly installed file-sharing nodes behind the screen of rootkit techniques, which would then search for sharable content on the machine and then open LimeWire-style P2P connections to the Net at large. Because it was a trojan, it would provide plausible deniability in copyright infringement lawsuits–and because it provided plausible deniability for file-sharing, people would deliberately infect their machines with it. The trojan would soon be on over a billion machines, and Big Media could do nothing at all about it.

That would have made a great cyberpunkish story; maybe I should still write it. But it didn’t happen, and I think it won’t happen. Malware authors are well past this sort of Merry Pranksters stage. Malware happens for one reason only: Money. If there’s no way to monetize a malware scheme, it won’t be written. So with anything like the Skype Affair, you have to look for the money. Crapware still seems to be the likeliest explanation: EasyBits could have paid Skype by the install to push down a new version of its games platform, and make it look like a normal Skype update. Stupidity intervened, which happens all the time. (Google “Sony Rootkit” to see only one example, and certainly the stupidest. Bruce Schneier has what I consider the last word.)

That said, there’s still the possibility that a server-side infection was behind the push, and that what we got was a compromised version of EasyBits that may at some later time (patience, patience!) download the Real Deal, whatever that Real Deal might be. And whatever it is, it’ll be about money.

The end of the story hasn’t been written yet. Keep your virus checkers handy. Consider Skype alternatives. (Look into Jitsi.) And stay tuned.