Skype has not been attacked, eBay said Friday, dispelling rumors that Russian hackers took down its popular online telephony service.
For more than a day now, millions of Skype users have been knocked offline by a major service outage that has crippled the service. By Friday morning, things had improved for some users, but many were still unable to connect.
EBay attributes the outage to a problem in a Skype networking algorithm, but code has been posted to a Russian security discussion forum that could supposedly be used to knock the service offline in a DOS (denial-of-service) attack.
The code, which was published anonymously, appears to be capable of forcing Skype’s servers to freeze up, said SecurityLab.ru editor, Valery Marchuk, in a
posting to the Full Disclosure security discussion list. “Reportedly it must have caused Skype massive disconnections,” he wrote.
Not necessarily so, say researchers who looked at the code Friday.
The code is designed to repeatedly launch Skype and overwhelm the server with information, said Andrew Storms, director of security operations with nCircle Network Security. “But I couldn’t say if it would have this kind of potential DOS effect on all of Skype,” he said via instant message.
The code simply would not work as advertised, said Stefano Zanero, chief technology officer with Secure Network SRL. “The attack code is fake, no doubt on that,” he said via instant message. “I don’t think this is the cause of whatever is happening to Skype.”
EBay’s Villu Arak addressed the issue directly in a Friday blog
post, saying that neither hackers nor a recent technology update were to blame.
“Neither Wednesday’s planned maintenance of our Web-based payment services nor any form of attack was related to the current sign-on issues in any way,” he wrote.