Skype Trojan Can Log VoIP Conversations 151
Posted
by
timothy
from the sans-malice-would-be-a-useful-thing dept.
from the sans-malice-would-be-a-useful-thing dept.
Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."
Re:Conspiracy! (Score:1, Informative)
Have you been living under a rock? [h-online.com]
Sounds familiar... (Score:5, Informative)
Source Code Available Here (Score:5, Informative)
It appears that a guy named Ruben Unteregger published the source code on his site at http://www.megapanzer.com/source-code/#skypetrojan [megapanzer.com]
According to his site, he removed a plugin system from the source as well as code to bypass firewalls, but he'll add it back in at a later date.
From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.
source (Score:5, Informative)
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
It's written for Windows, like usual, and at least one of the callers would have to be infected.
Source: http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/ [megapanzer.com]
Re:How can you hide this? (Score:1, Informative)
Two channels of voice communication can be compressed to about 1kByte/s, less if you omit "silence". No, that is not easily noticeable. You could write uncompressed 8kHz 8bit audio (64kbps*2, 16kByte/s, ISDN quality) and most people wouldn't notice. Most computers are so busy with background processes that regular hard disk activity is expected.
Re:Sounds familiar... (Score:5, Informative)
I wonder if they're talking about this trojan http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out [slashdot.org]
Yep. Apparently some news site picked it up a week later and wrote their own article without the original details, making it front page news all over again. The only thing new is that Symantec gave it a goofy name.
Re:Source Code Available Here (Score:3, Informative)
Yes, you may remember the recent Slashdot discussion on this exact topic. [slashdot.org]
Symantec should read (Score:5, Informative)
Re:How can you hide this? (Score:2, Informative)
There are a lot of automated banking by phone facilities that rely on the user entering their account numbers and passwords via the keypad. An attacker won't even need sophisticated speech recognition software - all they need is software looking for DTMF tones.