Skype Trojan Can Log VoIP Conversations

← Back to Stories (view on slashdot.org)

Skype Trojan Can Log VoIP Conversations

Posted by timothy on Sunday August 30, 2009 @11:24AM from the sans-malice-would-be-a-useful-thing dept.

Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."

6 of 151 comments (clear)

Min score:

Reason:

Sort:

Platforms... by Slur · 2009-08-30 11:27 · Score: 2, Interesting

Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?

--
-- thinkyhead software and media
1. Re:Platforms... by m50d · 2009-08-30 20:48 · Score: 2, Interesting
  
  While some may argue the point, it seems most likely that when the average /.er says PC, they mean x86, running Windows.
  Given how many linux users (or people liking to pretend they're linux users) there are here, I'd say you're wrong.
  
  --
  I am trolling
Re:Doesn't seem terribly practical by girlintraining · 2009-08-30 12:41 · Score: 3, Interesting

"The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest."
You seem to be laboring under the idea that using speech recognition software would not occur to these people, or that the cost of transcription would be higher than the benefit received. First, it's already in widespread use in certain industries. Second, some targets are going to yield much better information than others -- you're correct that if you target a 100,000 random skype phone conversations you won't get much. But what if you only targeted people using it between the hours of 9am and 5pm and had job titles and functions associated with financial data?
Suddenly, you've got yourself a viable criminal enterprise.

--
#fuckbeta #iamslashdot #dicemustdie
Re:How can you hide this? by brusk · 2009-08-30 13:19 · Score: 4, Interesting

If you could track the numbers called (on skypeout), you might be able to identify calls to banks, credit card companies, etc., and listen only to those.

--
.sig withheld by request
Re:Larger problem than Windows. by palegray.net · 2009-08-30 14:37 · Score: 2, Interesting

Nah, I wouldn't have to kill you. I'd just go to prison for a long time.

--
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Symantec geniuses can click a /. link by uassholes · 2009-08-31 02:40 · Score: 2, Interesting

So we discuss "Coder of Swiss Wiretapping Trojan Speaks Out" on Aug 26; http://it.slashdot.org/article.pl?sid=09/08/26/144249, in which TFS says: "Last night, he published the source code of his Skype-Trojan under the GPL." (http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/), and now the Einsteins at Symantec "claims to have found the public release of source code". Fucking brilliant.