:: Deepquest ::

Companies should “act now” to combat the growing security threat posed by Skype and other voice over IP telephony services, industry experts warned today.

Analyst firm Gartner said that the latest vulnerability in the Skype for Windows client highlights the risk of using the application in enterprises.

Lawrence Orans, a research director at Gartner, issued the warning after Skype published a security bulletin for a ‘medium risk’ vulnerability in the Skype for Windows user client.

The new vulnerability could allow an attacker to transfer a single named file from a victim’s PC.

The victim must first be tricked into visiting a malicious website under control of the attacker, and the attacker must know the location of the requested file on the victim’s machine, the analyst explained.

This latest vulnerability follows three separate incidents in 2005, two rated ‘high-risk’ and one ‘low-risk’.

Orans warned that, because the Skype client is a free download, most businesses have no idea how many Skype clients are installed on their systems nor how much Skype traffic passes through their networks.