Skype has been forced to turn off a video-sharing feature in its software because it could be misused to launch a self-copying worm attack against Skype users, according to security researchers.
A bug in the software, which was first reported last week, stems from the way Skype uses an Internet Explorer component to render HTML.
Last week security researcher Aviv Raff showed how attackers could exploit the bug to run unauthorised software on a Skype user's PC. But on Tuesday, the security researcher said the flaw was more serious than he'd first thought. It can "be triggered by simply visiting a website, or clicking on a link from your instant messaging application," he wrote in a blog posting, "Which basically means that this vulnerability is now wormable."
Skype appeared to have pulled the video feature from its client software on Tuesday as a result of the bug. Users who attempted to click on the "videos" button within a chat window were greeted with a message that the feature was unavailable "because of some security concerns."