Skype Trojan Can Log VoIP Conversations
Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
-- thinkyhead software and media
That's great. How long until we find out some government commissioned it?
Use OGG and you'll be safe too.
News at 11.
(Look, if you're a terrist and don't want your phone conversations recorded, don't run untrusted software, mkay?)
Somehow, Oprah's got to be behind this...
Skype sells condoms now???!?
And Skype all this time was claiming wiretaps were an undue burden that they didn't have to comply with!
Uh... no shit? I mean the guy who coded something like this (the interception and logging of skype calls) just released the source code for it. How is this more relevant than "trojan found that logs your emails"?
..extremely boring.
I wonder if they're talking about this trojan http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out
Wouldn't this quickly take enough disk space to be easily noticeable?
Seems more like something that would be used by investigators, employers, jealous partners, and their like. As TFA says, "The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest." The idea is so obvious that this is likely why we haven't seen this before.
I'd mod him up if he wasn't posting AC
Oh, and if I wasn't posting
And if I had mod points
It appears that a guy named Ruben Unteregger published the source code on his site at http://www.megapanzer.com/source-code/#skypetrojan
According to his site, he removed a plugin system from the source as well as code to bypass firewalls, but he'll add it back in at a later date.
From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.
Given all the DRM Microsoft is adding to Windows at the behest of the MPAA and RIAA, I am surprised that an app can even GET access to the raw audio anymore.
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
It's written for Windows, like usual, and at least one of the callers would have to be infected.
Source: http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/
Here I sit, all broken hearted.
Came to poop, but only farted.
Does it record the numbers you call? Because, if so, couldn't they just look at numbers which tend to be banks and whatnot, listen in on the call, and possibly get sensitive info that way? Or am I missing something?
Honoured friend,
Forgive me this unusal contact, but the circumstanes of perfection are such.
My name is Ringotha Dingo. I am an administrator at the European/African Internet Facility.
Through my work, and the unfortunate death of my colleage, I have available to me many unused and unencrypted, cross platform Moderator points. I would be most eager to benefit you with them; however, due to a revolution in my country I am unable to access my computer network. This can be arranged by my agent in London. Please contact him directly, and reference the small agreement that you might benefit me with so that I might flee my country with my wife and two children.
I am awaiting your abrupt reply. And will immediately have you sent an bankers draft by email if you will provide me with such.
All my good fortunes to you!
Ringotha Dingo
Adminsistrator African Europeein Internets
Toob Farm, Sweatn Bongos
Gontoofar Way
Really?
My phone comically confuses the most basic of voice commands, but I should be afraid it is scraping my calls for keywords?
On Star and cell phones have been used by law enforcement to listen in on people.
On Star and cell phones are purposely designed to allow the government to track and spy on you. I'm not sure that's the case with Skype, though it wouldn't surprise me.
Power does not corrupt - power attracts the corrupt.
http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out?from=rss http://www.megapanzer.com/wp-content/uploads/SkypeTrojan.zip Isn't it the same story? I guess we've got some users from Symantec here and they've just reposted it at their "blog". So why do you have to post that news here _again_?
This is no worse than the US Department of Homeland Security does on an ordinary weekday. So, why should I be concerned? I don't have anything to worry about, since I don't have anything I need to hide! We should trust the hackers to use their authority responsibly.
Not having used Skype since it launched, are you saying that recording the call isn't already a feature?
Seems like it could be a pretty popular plug-in if they neutered the redirection.
It's not your cell phone you should be worried about. It's the rather impressive amount of computing power available on the network side, along with a few boxes installed by our friends in suits. You know, the ones your tax dollars pay the salaries of. Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Slashdot... Didn't the person who created this release this open source before the weekend?? Symantec is a little slow on the ball... http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out
you know you can fry stuff putting things into things that don't like the things you put into it...
As usual, I see no Linux support at all. I've almost made up my mind to format and install Windows again. Damn those rat bastard virus writers! Always forgetting us lusers!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
"Anonymous Coward"?
I remember back in the 90's some trojans could take a recording of whatever the mic heard in the room (if there was one attached) and or take pics/video from the camera (again, if it found one) and send it.
Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.
But you can't actually tell us anything specific about the interesting stuff out there without having to kill us, right?
I'd rather you rationally disagree than irrationally agree.
Nah, I wouldn't have to kill you. I'd just go to prison for a long time.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
If a program runs on your computer, it can record any audio going through the audio system? WHAT?!?! How is that possible! You mean to tell me that when a program executes on my computer, it can record audio!!!!!
Please look up the definition of a trojan - it's just a program that gets into your computer...however...and runs like any other program. Don't be surprised if it records audio, forwards your emails, deletes files, etc. This thread should be no surprise because such programs have existed for the last 10-15 years. The fact that it targets Skype doesn't make it especially novel or worth noting. There have been trojans that install and allow remote recording of your computer's microphone for ages now. This one just hooks into skype and detects when a phone call is coming in and records it. Nothing has changed - avoid trojans or someone can record everything you do on your computer.
dupe dupe dupe, dupe of earl, dupe dupe, dupe of earl...
Drat! Now they'll know all about how my girlfriend's day went and that I'm barely listening. *shakes fist*
Umm, yea. It's not like anything you're trying to hide is really a big secret.
Because anybody with half a brain and prerequisite knowledge would know something you're trying to not talk about already exists. From there it's just a matter of simple deduction.
Oh, you must be talking about what replaced the old Cray-based network traffic sniffers, the ones that would key into detected words like bomb and terror or assassinate.
Nothing new there, shit I've got stock in that.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I'm gonna call myself and play all my CDs through Skype. That way the RIAA will unleash their pack of lawyers on the scammer who illegally downloads all those songs as MP3s off my computer.
Audio (and everything else) sent by skype is encrypted.
[...]
Because they chose the trojan route, you can be reasonably assured that breaking the encryption is harder and more troublesome than sneaking into your house and installing a trojan or tricking you into installing it for them.
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel (and not involving the provider at least as far as the private ones are concerned, which moreover have to be immune even to physical access to local storage), they can't be sure that nobody else will ever compromise their conversations.
The general idea that monitoring systems have been in place for a long time (and continue to evolve) is nothing new. The specifics of what's actually deployed now and how it operates is not, however, public knowledge. That's what people go to jail over, as they rightfully should, not the basic premise that (shock of shocks) telcos can monitor what go across their networks.
But I'm sure that's what you really meant, right?
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
The specifics of what's actually deployed now and how it operates is not, however, public knowledge. That's what people go to jail over, as they rightfully should, not the basic premise that (shock of shocks) telcos can monitor what go across their networks.
Uh, no, people shouldn't be going to jail for that. In fact, the only criminal thing is the government monitoring private communications in the first place. Unveiling what the government uses is the exact opposite of an act of sedition/treason. People should be doing that wherever possible.
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel
Well Skype is similar to SSL in that department.
And we all know how secure that is.
Oh, wait....
Sig Battery depleted. Reverting to safe mode.
That's why I only ever talk in Latin while using skype.
Or you could kill us - still a possibility of no prison.
You just have to Bing! it.
Help stamp out iliturcy.
I notice that "tapping" Skype is always a matter of compromising one of the end points. I presume it's harder to tap Skype in transit as traffic can take any old route via the Internet - or that's the impression we should get.
I've tried Symantec products. This could not be true.
If they wrote a virus it would have a 500MB install and you'd have to click the EULA four times. It would take 90% of CPU and 90% of RAM while doing nothing and require 100% of everything for a couple of hours to update before it could do something. The updater would break and you'd have to reinstall Windows, then the update prep package, and then the virus to get it to activate at all. And when it was finally working, it would break before connecting to its control server.
If you wanted a virus that bad, you might as well install Windows 98. At least the user interface would be similar to Symantec.
Help stamp out iliturcy.
Now, this WOULD be news or at least newsworthy if there was a program that allows a MITM attack to encrypted Skype communication. But let's be honest, what do we have here?
1) A program, installed on the affected computer
2) Which messes with what's being done by a certain other program
3) Which creates a log of the data being sent to and from this program (after decryption of said data)
4) Which sends that data to a predetermined server
That's not news. That's been done for at the very least 5 years now. The difference is maybe that this time we're talking about MP3s instead of text files. Yes, that's more data being transferred. Else?
The oh-so-terribly-secure encryption of Skype means jack in that context. At some point in the lifetime of the program, the data has to be decrypted so the person having the conversation can actually understand what is said. This has to be done in a format the audio driver is able to process, thus has to follow a standard. You tap into the data after decryption on receive and before decryption on send. Just as it's done with the oh-so-secure connections to your bank, PayPal and EBay when you have a trojan listening in your machine.
So, again, where's the news? That it's now audio data instead of text?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Once a friend in IT security mentioned that he'll install Skype only on a carefully firewalled virtual machine, with nothing else on it. Now there is one more reason to believe him. 'Skype' and 'security' just don't go well together.
But Skype users are NOT the intended customer. Seriously, this being no big surprise, along with its closed source and Z-fone incompatibility, makes Skype a real loser. The only thing that makes them attractive is they have marketshare. People love being able to search other people they already know (as facebook) and connect with them, regardless of the application's insecure nature.
I find the hype on this very misleading. Once I install an operating system modification that exists in the address space of an application, I can fairly well do whatever I want. This one happens to target Skype. Similar ones could just as easily have targeted browser logins and passwords, or ssh.
so, when i call up my mom back home over skype and she yells at me..it's being recorded!!!!
god bless the poor person who has to go thru those recordings.
Worst Job Ever: Being the poor guy that has to listen to all these random conversations in the hopes that something not retarded will be said...
yvan eht nioj
So we discuss "Coder of Swiss Wiretapping Trojan Speaks Out" on Aug 26; http://it.slashdot.org/article.pl?sid=09/08/26/144249, in which TFS says: "Last night, he published the source code of his Skype-Trojan under the GPL." (http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/), and now the Einsteins at Symantec "claims to have found the public release of source code". Fucking brilliant.
"...a predefined server"
Can't the authorities have the server shut down or at least filter out all connection attempts to the predefined port?
If a "Telco" was a private entity (like the kind you trust your credit card information to) then fine. The problem is, a "Telco" has 100,000 employees, half of whom are sleazy, wormy government informants any given day of the week.
Where's your in-house security? Oh that's right - you have none. The very fact that you are conducting surveillance for a third party, proves that you are not loyal to your customers.
I've been trying to record my calls. I've used xvidcap and that works ok for the video but not for the sound so far. If this bug/flaw/virus ever does impact linux I'm sure it will fail about 80% of the time because it's hard to do this on purpose!
Stupidity is its own reward.
I used to work for a callcenter, and absolutely everything was recorded.
The recordings started as uncompressed WAV files. With a callcenter of ~100 seats, they took up about 6 GB/day. After we moved to daily MP3 encoding, at bit rates much higher than would have probably been required for the legal CYA the recordings were made for, three to four days worth of recordings fit on a single DVD-R.
We used LAME with that -V2 switch I think.
Boot Windows, Linux, and ESX over the network for free.