Symantec: Eavesdropping Trojan Targets Skype

By Brian Prince  |  Posted 2009-08-28 Print this article Print

Who needs a digital voice recorder when you have malware?

According to Symantec, source code for a new Trojan targeting users of Skype VOIP has appeared on the Internet.

So far there is no evidence the malware is spreading, but with the source code now public, it is possible malware writers can begin leveraging this type of functionality.

The Trojan injects a thread into the Skype process and hooks a number of Windows API calls, enabling it to eavesdrop on conversations before they reach Skype or any other audio application. After recording the audio, the malware can store it in an encrypted mp3 file and send it out to a predefined server where the attacker can access the conversations.

By recording the call as an mp3, the size of the audio file is kept low, which in turns make the process of transferring the data over the network faster.

"Skype has simply become a victim of its own popularity, most likely being targeted simply because it has such a large install base," according to Symantec Security Response. "This threat could just have easily been crafted to take advantage of any one of the myriad of other VOIP applications, and it's likely we'll see other threats in the future that do just that."

Symantec warns that with a little social engineering, an attacker could trick a user into downloading the Trojan, which is detected by Symantec as Trojan.Peskyspy.

At the moment however, the security vendor believes the risk posed by the threat is relatively low at this time.

"What we've seen is largely proof-of-concept and does not contain any method to spread from one computer to another," according to the blog. "However, it is possible that we will see variations on this Trojan theme in the future. With this in mind we recommend keeping your virus definition and IPS signatures up-to-date." |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel