Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 28th, 2009

Skype Eavesdropping Trojan Code Released By Developer

Earlier this week, Swiss programmer Ruben Unteregger who has been reportedly working for a Swiss company ERA IT Solutions responsible for coding government sponsored spyware, has released the source code of a trojan horse that injects code into the Skype process in order to convert the incoming and outgoing voice data into an encrypted MP3 available at the disposal of the attacker.

When the trojan, currently detected as Trojan.Peskyspy, executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices. Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.

The incoming and outgoing audio data are stored in separate .mp3 files. The Trojan also opens a back door on the compromised computer, allowing an attacker to perform the following actions:
– Send the .mp3 to a predetermined location
– Download an updated version
– Delete the Trojan from the compromised computer”

Skype is often dubbed a “national security threat” by governments all across the globe due to their — at least publicly acknowledged inability — to crack the 256-bit encryption VoIP calls.

And while some of these governments are reportedly spending surreal amounts of tax payer’s money (Rental of the Skype-Capture-Unit per month and instance EUR 3.500) in order to achieve their objectives, others are taking the cost-effectiveness path by attacking the weakest link in the process – the end user infected with a targeted DIY government sponsored spyware recording all ongoing and incoming Skype calls, thereby bypassing the need to attack the encryption algorithm.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Skype File URI Security Bypass Code Execution Vulnerability
  • Skype Encrypted Instant Messages Can Be Eavesdropped
  • Users Database Breached, Personalized Phishing Hits Skype Users
  • Advanced Social Engineering Worm Infects Yahoo! Messenger And Skype Users
  • Pirates Privacy Breached After Downloading Fake Game Installer

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Skype Eavesdropping Trojan Code Released By Developer

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.