A password-stealing Trojan is targeting Skype, posing as a security plug-in for the popular VOIP and IM service and displaying a fake log-in screen that's almost identical to the real thing. McAfee's Avert Labs is identifying the Trojan as PWS-Pykse, and F-Secure is referring to it as Trojan-Spy.Win32.Skyper.B. Skype is calling it 65404-SkypeDefenderSetup.exe. The Trojan identifies itself as the "Skype-Defender" plug-in and is attempting to steal Skype usernames and passwords, along with all usernames and passwords saved in Internet Explorer. After execution, the Trojan disables running instances of Skype and swaps in its fake Skype login window. If the victim enters his or her username and password, the malware captures it and any others saved in IE and posts it via http to a Web site for the malware author to retrieve. Security researchers, and Skype, are recommending that users update their antivirus detections to avoid infection.