Spam May Not Be Skype's Biggest Worry

A couple weeks ago, I pondered what the future would hold for the current iteration of Skype, whether feature and particularly security enhancements would be put off until eBay launches a whole new system to work around their ongoing legal problems with Joltid.

At that time, my question revolved around the issue of Skype spammers, as I consistently found unwanted people had injected their profiles into my contact lists - or so I thought. Instead, as I later learned, my problem was more with Skype's presentation logic rather than the actual security. For while the spammers were displayed among my contacts, their presence there represented an invite to connect rather than an actual contact.

The problem with that presentation logic is that for obvious spam accounts, I never clicked on the account to see the difference. Instead I would just block it and move on. What would make more sense would be to present invites in a separate window or dialog box that requires a user's specific approval, rather than acting like users should and would automatically want every invite to be added to the contact roster.

Either way, Skype knows they have an increasing spam problem, as was addressed on one of their blogs recently. Unfortunately, while the blog tells of a company initiative to fix the problem, there are no details to be had on what the company will actually do or when they might do it. In a nutshell, Skype is saying "We're working on it, stay tuned." Meanwhile, the onus remains on users to identify and report spammers.

But my overarching question about ongoing security development on the current Skype still remains, as the company may face a more pressing test looming in the near term: Sophos Labs today revealed some information about a Skype Trojan that has been written, and for which the source code is currently being distributed.

"The Trojan injects a dll component into a running process of Skype. The dll then hooks the 'send' and 'recv' APIs in this Skype process to the Trojan's own custom functions. This allows the Trojan to extract and save the audio and video data, and send it back to the attacker. We're detecting both the executable and the injected dll as Troj/Skytap-Gen based on samples we've seen so far."

The upshot of this Trojan is that, no matter how secure your system may be, if the caller on the other end is infected, your call gets recorded.

Let's hope Skype has a clearer plan - and timeframe - to deal with this threat.

Update: Differing slightly from Sophos' report, Symantec research indicates this Trojan operates by "hooking various Windows API calls that are used in audio input and output" and that the problem doesn't lie within Skype itself. In other words, the Trojan hooks into Windows subsystems Skype utilizes, and the Trojan then listens for and records Skype calls specifically.
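
One check a defender can run against the API hooking that both reports describe, as an added example that is not from the original post, Sophos or Symantec: it inspects the first bytes of a function such as `send` or `recv` for a redirect that leaves the DLL owning the function. It assumes a 32-bit process and an inline patch of the function's entry point, which the post does not specify; the names (`check_entry`, `WINSOCK`), addresses and byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { NOT_REDIRECTED, REDIRECT_IN_MODULE, REDIRECT_OUT_OF_MODULE };

/* Mapped range of the DLL that owns the function (32-bit process assumed). */
struct module_range { uint32_t base, size; };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a function that lives at address `va`.
 * Two common x86 redirect forms are recognised:
 *   E9 rel32      jmp            (target = va + 5 + rel32, modulo 2^32)
 *   68 imm32 C3   push imm32; ret (target = imm32) */
enum verdict check_entry(const uint8_t *code, size_t len, uint32_t va,
                         struct module_range owner, uint32_t *target) {
    uint32_t dest;
    if (len >= 5 && code[0] == 0xE9)
        dest = va + 5u + le32(code + 1);
    else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3)
        dest = le32(code + 1);
    else
        return NOT_REDIRECTED;
    if (target) *target = dest;
    /* A jump that stays inside the owning DLL is less suspicious than one
     * that lands in memory belonging to something else. */
    return (dest >= owner.base && dest - owner.base < owner.size)
               ? REDIRECT_IN_MODULE : REDIRECT_OUT_OF_MODULE;
}

/* Constructed sample range and bytes, not taken from any real sample. */
static const struct module_range WINSOCK = { 0x71A00000u, 0x00030000u };
static const uint8_t CLEAN[]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };       /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t JMP_OUT[]  = { 0xE9, 0xFB, 0xFF, 0xFF, 0x0F };       /* jmp to an address outside the DLL */
static const uint8_t JMP_IN[]   = { 0xE9, 0xFB, 0x00, 0x00, 0x00 };       /* jmp 0x100 bytes ahead, same DLL */
static const uint8_t PUSH_RET[] = { 0x68, 0x00, 0x10, 0xA0, 0x81, 0xC3 }; /* push 0x81A01000; ret */

int main(void) {
    uint32_t t = 0;
    enum verdict v = check_entry(JMP_OUT, sizeof JMP_OUT, 0x71A01000u, WINSOCK, &t);
    printf("verdict=%d target=0x%08X\n", (int)v, (unsigned)t);
    return 0;
}
```

An out-of-module verdict is a lead for further inspection rather than proof of compromise, since some security and compatibility software also redirects API entry points.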