Skype Trojan Can Log VoIP Conversations
Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."
Platforms... (Score:3, Interesting)
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
Re: (Score:1, Insightful)
Doesn't Mac OS X run on PCs?
Re: (Score:1)
Yeah. Macs ARE PCs.
They can't be a PC, they have that pretty picture of an apple on them... PCs don't have that...
Re: (Score:2, Interesting)
Given how many linux users (or people liking to pretend they're linux users) there are here, I'd say you're wrong.
Re: (Score:1, Insightful)
I'm sure that Mac OS X programs can record audio too. Guys, you're running Skype, a program which is closed source, uses anti-reverse-engineering techniques and pretty much behaves like typical malware in many ways. If privacy is a big concern to you, you're doing it wrong.
source (Score:5, Informative)
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
It's written for Windows, like usual, and at least one of the callers would have to be infected.
Source: http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/ [megapanzer.com]
Re: (Score:2)
Technically there is no reason why this has to be Windows only. All it would require is to modify the Skype binary to call an mp3 encode function for each audio block it sends or receives. If you can get the user to run your Skype binary, either by replacing the original, or by changing $PATH, then it will work. Skype is supposed to have some anti-reverse engineering code, but it has been cracked before.
Re: (Score:2)
Or just record everything coming out of the sound card & microphone, and keep an eye on what text is coming up in the Skype window to see who is calling and when to bother to record. Is there any reason that wouldn't work?
Re: (Score:3, Funny)
Really?
My phone comically confuses the most basic of voice commands, but I should be afraid it is scraping my calls for keywords?
Re: (Score:3, Funny)
Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.
But you can't actually tell us anything specific about the interesting stuff out there without having to kill us, right?
Re: (Score:2)
Umm, yea. It's not like anything you're trying to hide is really a big secret.
Because anybody with half a brain and prerequisite knowledge would know something you're trying to not talk about already exists. From there it's just a matter of simple deduction.
Oh, you must be talking about what replaced the old Cray-based network traffic sniffers, the ones that would key into detected words like bomb and terror or assassinate.
Nothing new there, shit I've got stock in that.
Re: (Score:3, Insightful)
But I'm sure that's what you really meant, right?
The truth is out there (Score:1)
Re: (Score:2)
OnStar and cell phones have been used by law enforcement to listen in on people.
OnStar and cell phones are purposely designed to allow the government to track and spy on you. I'm not sure that's the case with Skype, though it wouldn't surprise me.
Bastards! (Score:5, Funny)
As usual, I see no Linux support at all. I've almost made up my mind to format and install Windows again. Damn those rat bastard virus writers! Always forgetting us lusers!
Re: (Score:2)
As usual, I see no Linux support at all. I've almost made up my mind to format and install Windows again. Damn those rat bastard virus writers! Always forgetting us losers!
There. Fixed it for ya.
Re: (Score:2)
Like mostly everything else it probably DOESN'T run on OS X. And in case you missed the last 4 years or so we don't really have the distinction PC/Mac anymore (not to mention that Mac OS X runs on many "PCs" from netbooks to Macs - and so does Windows in all incarnations worth mentioning).
Re:Platforms... (Score:5, Funny)
What??? Mac users are gay?
Are these gay? http://www.slashgear.com/wp-content/uploads/2009/01/steve-jobs-3g-iphone1.jpg [slashgear.com]
Is this gay? http://images.businessweek.com/mz/04/44/0444_20innova.jpg [businessweek.com]
iDon't think so, troll!
This is IMPOSSIBLE (Score:3, Funny)
Skype sells condoms now???!?
Re: (Score:3, Funny)
I'd mod him up if he wasn't posting AC
Oh, and if I wasn't posting
And if I had mod points
Attn: Sir (Score:5, Funny)
Honoured friend,
Forgive me this unusal contact, but the circumstanes of perfection are such.
My name is Ringotha Dingo. I am an administrator at the European/African Internet Facility.
Through my work, and the unfortunate death of my colleage, I have available to me many unused and unencrypted, cross platform Moderator points. I would be most eager to benefit you with them; however, due to a revolution in my country I am unable to access my computer network. This can be arranged by my agent in London. Please contact him directly, and reference the small agreement that you might benefit me with so that I might flee my country with my wife and two children.
I am awaiting your abrupt reply. And will immediately have you sent an bankers draft by email if you will provide me with such.
All my good fortunes to you!
Ringotha Dingo
Adminsistrator African Europeein Internets
Toob Farm, Sweatn Bongos
Gontoofar Way
Re: (Score:2)
Not to support the poster you were replying to, but that 2nd picture is totally gay. Sesame Street in the background is an instant giveaway. Come on.. Bert and Ernie? Everyone knows they were the first gay couple on television...
Re:Platforms... (Score:5, Insightful)
You know, I'd rather have a homophobic retard bigot like you think I was gay, rather than having a gay person think I was a homophobic retard bigot.
Like you.
Re: (Score:2)
You know.. you could have just said, "I know you are, but what am I?" and it would have been a lot easier to read...
Re: (Score:2)
that one sizzled!, too bad i aint got any points to mod you!
I'm safe (Score:2)
Use OGG and you'll be safe too.
Re:I'm safe (Score:4, Insightful)
What stops the trojan from statically linking an mp3 encoder? Or just downloading a dynamic library if there are size constraints?
Re: (Score:2)
LAME MP3 Encoder http://lame.sourceforge.net/ [sourceforge.net]
Re: (Score:1)
"What stops the trojan from statically linking an mp3 encoder? Or just downloading a dynamic library if there are size constraints?"
If such a thing were actively found and reported it would be the end of that company, and with ebay still holding stake in it at this moment I don't think they could afford a country-wide lawsuit with every person using a computer involved.
Same way EA couldn't stand up to my DRM lawsuit for Spore. I managed to get a huge enough backlash to occur in and out of court that they bu
Re: (Score:1)
Put on your tin foil hat! Perhaps it is an elaborate attempt by the RIAA to further stigmatize the "mp3" format!
Conspiracy (Score:3, Funny)
NSA/CIA/FBI/Police's dream! (Score:2)
And Skype all this time was claiming wiretaps were an undue burden that they didn't have to comply with!
Sounds familiar... (Score:5, Informative)
Re:Sounds familiar... (Score:5, Informative)
I wonder if they're talking about this trojan http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out [slashdot.org]
Yep. Apparently some news site picked it up a week later and wrote their own article without the original details, making it front page news all over again. The only thing new is that Symantec gave it a goofy name.
Re: (Score:2)
I should have known I wouldn't be the first to remember that from last week. Can we mod both timothy and Slatterz -1 Redundant?
How can you hide this? (Score:4, Insightful)
Re: (Score:1, Informative)
Two channels of voice communication can be compressed to about 1kByte/s, less if you omit "silence". No, that is not easily noticeable. You could write uncompressed 8kHz 8bit audio (64kbps*2, 16kByte/s, ISDN quality) and most people wouldn't notice. Most computers are so busy with background processes that regular hard disk activity is expected.
Re:How can you hide this? (Score:4, Insightful)
Nope. You'd hardly notice it sitting on your 1.5TB hard drive since low bitrate of voice MP3s are usually pretty small. Betcha the trojan would store the files in the ole temp folder of IE along with other junk files.
Pretty slick idea of a trojan but boring to listen to millions of conversations that have little value. Only thing I can think of the trojan author would use some kind of speech recognition software to look for phrases like "passwords" or "credit card info".
Sadly, I rarely download software anymore due to concerns of backdoors or trojans as it's a money game now.
Re: (Score:2, Informative)
There are a lot of automated banking by phone facilities that rely on the user entering their account numbers and passwords via the keypad. An attacker won't even need sophisticated speech recognition software - all they need is software looking for DTMF tones.
Re: (Score:2)
Good catch. Now you just gave them new ideas!
Re: (Score:2)
Just have it look for important phone numbers, IRS, major banks, etc.
How much important info would you be likely to glean from skype-skype calls as opposed to skype-landline?
Putting size in perspective... (Score:2)
The recordings started as uncompressed WAV files. With a callcenter of ~100 seats, they took up about 6 GB/day. After we moved to daily MP3 encoding, at bit rates much higher than would have probably been required for the legal CYA the recordings were made for, three to four days worth of recordings fit on a single DVD-R.
We used LAME with that -V2 switch I think.
Re: (Score:2)
If the phone user is talking 24/7 and has a small hard drive - sure. The loss of 4 gig (the equivalent of 4 *days* of MP3's, or so sayeth my iPod about my music collection) would go unnoticed by all but the most paranoid of users or someone whose hard drive was almost full.
Re: (Score:1)
Well, there's something hideously wrong with your calculations... The longest MP3 in my collection (approx 12mins) takes up 11k.
Re: (Score:2)
Anyone sophisticated enough to include a rootkit better be sophisticated enough to wipe out the possibility of a byte-for-byte diff scan to detect the virus or MP3 files.
Doesn't seem terribly practical (Score:3, Insightful)
Re:Doesn't seem terribly practical (Score:4, Interesting)
"The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest."
You seem to be laboring under the idea that using speech recognition software would not occur to these people, or that the cost of transcription would be higher than the benefit received. First, it's already in widespread use in certain industries. Second, some targets are going to yield much better information than others -- you're correct that if you target a 100,000 random skype phone conversations you won't get much. But what if you only targeted people using it between the hours of 9am and 5pm and had job titles and functions associated with financial data?
Suddenly, you've got yourself a viable criminal enterprise.
Re: (Score:2)
Throw in blacklisting the skype-to-skype calls, then whitelist all the calls to known bank numbers, IRS etc.
Grind the whitelisted stuff first, then if you have extra cycles work on all the stuff in the middle :)
Oh, and don't restrict 9-5pm if there are DTMF codes, someone may be doing phone banking ;)
Re: (Score:2)
"You seem to be laboring under the idea that using speech recognition software would not occur to these people"
You seem to be laboring under the idea that speech recognition software really works.
Re: (Score:2)
Targeted malware is a real threat, and even if the attacker hasn't narrowed it down to a particular person of interest, it would still be possible to narrow down the relevant audio based on accompanying text messages and file transfers. The audio just before and after "Keep this confidential" in the text chat and "Tender Offer Pricing.xls" would draw an inside trader's attention, for example.
Source Code Available Here (Score:5, Informative)
It appears that a guy named Ruben Unteregger published the source code on his site at http://www.megapanzer.com/source-code/#skypetrojan [megapanzer.com]
According to his site, he removed a plugin system from the source as well as code to bypass firewalls, but he'll add it back in at a later date.
From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.
Re: (Score:3, Informative)
Yes, you may remember the recent Slashdot discussion on this exact topic. [slashdot.org]
Re: (Score:2)
From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.
It might if they're having a Skype conversation with a Windows user...
W
Surprised this actually works (Score:4, Funny)
Given all the DRM Microsoft is adding to Windows at the behest of the MPAA and RIAA, I am surprised that an app can even GET access to the raw audio anymore.
Re: (Score:1)
Furthermore, I doubt it's stealing audio at the hardware level, it seems taking the audio from Skype as it is sent / received would be a better plan.
Re:Surprised this actually works (Score:5, Insightful)
Audio (and everything else) sent by skype is encrypted.
That is why you need to install a Trojan ON the target machine. This Trojan grabs it AFTER it has been decrypted by skype.
Because it is running local it should be detectable.
Because they chose the trojan route, you can be reasonably assured that breaking the encryption is harder and more troublesome than sneaking into your house and installing a trojan or tricking you into installing it for them.
Others may coerce intermediary/confiscate endpoint (Score:2)
Audio (and everything else) sent by skype is encrypted.
[...]
Because they chose the trojan route, you can be reasonably assured that breaking the encryption is harder and more troublesome than sneaking into your house and installing a trojan or tricking you into installing it for them.
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel (and not involving the provider at least as far as the private ones are concerned, which moreover have to be immune even to physical access to local storage), they can't be sure that nobody else will ever compromise their conversations.
Re: (Score:2)
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel
Well Skype is similar to SSL in that department.
And we all know how secure that is.
Oh, wait....
So what? (Score:2, Funny)
This is no worse than the US Department of Homeland Security does on an ordinary weekday. So, why should I be concerned? I don't have anything to worry about, since I don't have anything I need to hide! We should trust the hackers to use their authority responsibly.
Nothing to hide... (Score:1)
Re: (Score:2)
How about if you brag to your buddy on the fone how much you ripped the government off with that nifty tax dodge you found out about?
Howbout if you bitch about how much of your taxes go to support something the Powers That Be are totally for, an
Symantec should read (Score:5, Informative)
Re: (Score:2)
Considering that this has thus been posted twice, maybe Slashdot should read Slashdot.
Re: (Score:2)
It would be much more clever to post a dupe story with links that point to the first slashdot story.
holy basal bark batman! (Score:1)
dupe dupe dupe, dupe of earl, dupe dupe, dupe of earl...
RIAA to the rescue... (Score:5, Funny)
I'm gonna call myself and play all my CDs through Skype. That way the RIAA will unleash their pack of lawyers on the scammer who illegally downloads all those songs as MP3s off my computer.
So, in transit it's still OK? (Score:2)
I notice that "tapping" Skype is always a matter of compromising one of the end points. I presume it's harder to tap Skype in transit as traffic can take any old route via the Internet - or that's the impression we should get.
News? (Score:2)
Now, this WOULD be news or at least newsworthy if there was a program that allows a MITM attack to encrypted Skype communication. But let's be honest, what do we have here?
1) A program, installed on the affected computer
2) Which messes with what's being done by a certain other program
3) Which creates a log of the data being sent to and from this program (after decryption of said data)
4) Which sends that data to a predetermined server
That's not news. That's been done for at the very least 5 years now. The dif
Is Skype secure at all (Score:1)
No it's a Feature (Score:1)
Skype is not where the vulnerability is (Score:1)
And the worst job ever?? (Score:2)
Worst Job Ever: Being the poor guy that has to listen to all these random conversations in the hopes that something not retarded will be said...
Symantec geniuses can click a /. link (Score:2, Interesting)
Re: (Score:1, Informative)
Have you been living under a rock? [h-online.com]
Re: (Score:2)
Or Symantec...?
I bet Symantec either funds the creation of a lot of the viruses out there in the wild, or even authors them outright. Got to keep those threats out there to keep selling product...
Re: (Score:2)
Woosh!
This is a dupe, though I'm too lazy to look it up. It is about a week old or so.
It was reported by a hacker on his blog. He worked for the gov't of Switzerland and it was done on their dime.
I've tried Symantec products (Score:5, Funny)
I've tried Symantec products. This could not be true.
If they wrote a virus it would have a 500MB install and you'd have to click the EULA four times. It would take 90% of CPU and 90% of RAM while doing nothing and require 100% of everything for a couple of hours to update before it could do something. The updater would break and you'd have to reinstall Windows, then the update prep package, and then the virus to get it to activate at all. And when it was finally working, it would break before connecting to its control server.
If you wanted a virus that bad, you might as well install Windows 98. At least the user interface would be similar to Symantec.
Re: (Score:2)
I think the real problem isn't government use: it's the use by estranged spouses who make their former partners' lives a living hell.
Re: (Score:3, Funny)
Yup. You're missing something. They hide those kind of details in the article.
Go ahead. Read it. I won't tell anyone.
Re: (Score:1, Funny)
But if I read the article, I won't be a true slashdotter anymore.
Re: (Score:2)
Ergo, it is stuff that matters.
Re: (Score:1)
Hm. Hardly offtopic since it's from the sans-malice-would-be-a-useful-thing dept. I was just raising the question.
Re: (Score:2)
No, but it is easily added:
http://atdot.ch/scr/ [atdot.ch]
Re: (Score:2)
Thanks for that link -- I think call recording is an essential feature of any phone.
Speaking of which, do you know of a call recorder app for Android that doesn't suck by attempting to record the incoming channel using the microphone or force you into speakerphone mode ?