The Windows version of the Voice-over-IP software Skype reads and stores the BIOS and motherboard serial number of a user’s computer. This hidden feature was accidentally discovered because of an error message Skype outputs when executed on 64-bit versions of Windows.
An assembly expert with pseudonym Myria who found the hidden executable, reports on his blog that once Skype is launched it dumps a 16-bit executable file called 1.com in the user’s temporary folder. The executable contains code that reads the data found in the BIOS address area and pipes it to the Skype application. It is not clear what Skype does with the data.
The executable works only on 32-bit versions of Windows because the kernel supports “NT Virtual DOS Machine”, which allows read-only mapping of the BIOS address area. This allows DOS programs running under NTVDM to make used of the BIOS. However, 64-bit systems are lack of NTVDM, hence causing Skype to pop-up an error message.
What makes it more interesting is that the Skype software attempts to prevent the contents of the executable file from being examined. According to Myria, the file could only be opened after the system had been rebooted because of a forced kernel panic.