Trustwave does not believe that the backdoor was put in for nefarious purposes, but was more likely the result of quick-and-dirty development practices.“An interesting possibility is that this bug is the result of a backdoor entered into the Desktop API to permit a particular program written by the vendor to access the Desktop API without user interaction,” the company said in a statement.

“Indeed, this possibility seems even more likely when you consider that the Desktop API provides for an undocumented client name identifier.”Ironically, the actual Skype Dashboard widget does not use the backdoor, despite using the name that would give it access without notification.“This raises the possibility that the backdoor is the result of a development accident which left the code behind accidentally during the process of implementing the Dashboard plugin,” the company said.

