Skype Trojan Can Log VoIP Conversations
Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
-- thinkyhead software and media
Use OGG and you'll be safe too.
Somehow, Oprah's got to be behind this...
Have you been living under a rock?
Skype sells condoms now???!?
And Skype all this time was claiming wiretaps were an undue burden that they didn't have to comply with!
I wonder if they're talking about this trojan http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out
Wouldn't this quickly take enough disk space to be easily noticeable?
Seems more like something that would be used by investigators, employers, jealous partners, and their like. As TFA says, "The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest." The idea is so obvious that this is likely why we haven't seen this before.
I'd mod him up if he wasn't posting AC
Oh, and if I wasn't posting
And if I had mod points
It appears that a guy named Ruben Unteregger published the source code on his site at http://www.megapanzer.com/source-code/#skypetrojan
According to his site, he removed a plugin system from the source as well as code to bypass firewalls, but he'll add it back in at a later date.
From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.
Or Symantec...?
I bet Symantec either funds the creation of a lot of the viruses out there in the wild, or even authors them outright. Got to keep those threats out there to keep selling product...
Given all the DRM Microsoft is adding to Windows at the behest of the MPAA and RIAA, I am surprised that an app can even GET access to the raw audio anymore.
Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?
It's written for Windows, like usual, and at least one of the callers would have to be infected.
Source: http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/
Here I sit, all broken hearted.
Came to poop, but only farted.
Honoured friend,
Forgive me this unusal contact, but the circumstanes of perfection are such.
My name is Ringotha Dingo. I am an administrator at the European/African Internet Facility.
Through my work, and the unfortunate death of my colleage, I have available to me many unused and unencrypted, cross platform Moderator points. I would be most eager to benefit you with them; however, due to a revolution in my country I am unable to access my computer network. This can be arranged by my agent in London. Please contact him directly, and reference the small agreement that you might benefit me with so that I might flee my country with my wife and two children.
I am awaiting your abrupt reply. And will immediately have you sent an bankers draft by email if you will provide me with such.
All my good fortunes to you!
Ringotha Dingo
Adminsistrator African Europeein Internets
Toob Farm, Sweatn Bongos
Gontoofar Way
Really?
My phone comically confuses the most basic of voice commands, but I should be afraid it is scraping my calls for keywords?
OnStar and cell phones have been used by law enforcement to listen in on people.
OnStar and cell phones are purposely designed to allow the government to track and spy on you. I'm not sure that's the case with Skype, though it wouldn't surprise me.
Power does not corrupt - power attracts the corrupt.
I think the real problem isn't government use: it's the use by estranged spouses who make their former partners' lives a living hell.
Woosh!
This is a dupe, though I'm too lazy to look it up. It is about a week old or so.
It was reported by a hacker on his blog. He worked for the gov't of Switzerland and it was done on their dime.
Learning HOW to think is more important than learning WHAT to think.
This is no worse than the US Department of Homeland Security does on an ordinary weekday. So, why should I be concerned? I don't have anything to worry about, since I don't have anything I need to hide! We should trust the hackers to use their authority responsibly.
Yup. You're missing something. They hide those kind of details in the article.
Go ahead. Read it. I won't tell anyone.
So, you're saying it's not news for nerds, right?
Ergo, it is stuff that matters.
This issue is a bit more complicated than you think.
It's not your cell phone you should be worried about. It's the rather impressive amount of computing power available on the network side, along with a few boxes installed by our friends in suits. You know, the ones your tax dollars pay the salaries of. Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Slashdot... Didn't the person who created this release this open source before the weekend?? Symantec is a little slow on the ball... http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out
you know you can fry stuff putting things into things that don't like the things you put into it...
As usual, I see no Linux support at all. I've almost made up my mind to format and install Windows again. Damn those rat bastard virus writers! Always forgetting us lusers!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Hm. Hardly offtopic since it's from the sans-malice-would-be-a-useful-thing dept. I was just raising the question.
"Anonymous Coward"?
Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.
But you can't actually tell us anything specific about the interesting stuff out there without having to kill us, right?
I'd rather you rationally disagree than irrationally agree.
But if I read the article, I won't be a true slashdotter anymore.
Nah, I wouldn't have to kill you. I'd just go to prison for a long time.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
No, but it is easily added:
http://atdot.ch/scr/
Running with Linux for over 20 years!
Umm, yea. It's not like anything you're trying to hide is really a big secret.
Because anybody with half a brain and prerequisite knowledge would know something you're trying to not talk about already exists. From there it's just a matter of simple deduction.
Oh, you must be talking about what replaced the old Cray-based network traffic sniffers, the ones that would key into detected words like bomb and terror or assassinate.
Nothing new there, shit I've got stock in that.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Thanks for that link -- I think call recording is an essential feature of any phone.
Speaking of which, do you know of a call recorder app for Android that doesn't suck by attempting to record the incoming channel using the microphone or force you into speakerphone mode?
I'm gonna call myself and play all my CDs through Skype. That way the RIAA will unleash their pack of lawyers on the scammer who illegally downloads all those songs as MP3s off my computer.
Audio (and everything else) sent by skype is encrypted.
[...]
Because they chose the trojan route, you can be reasonably assured that breaking the encryption is harder and more troublesome than sneaking into your house and installing a trojan or tricking you into installing it for them.
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel (and not involving the provider at least as far as the private ones are concerned, which moreover have to be immune even to physical access to local storage), they can't be sure that nobody else will ever compromise their conversations.
The general idea that monitoring systems have been in place for a long time (and continue to evolve) is nothing new. The specifics of what's actually deployed now and how it operates are not, however, public knowledge. That's what people go to jail over, as they rightfully should, not the basic premise that (shock of shocks) telcos can monitor what goes across their networks.
But I'm sure that's what you really meant, right?
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
For some of them. Unless users have a way to exchange their public keys in a reliable PKI through a secure channel
Well Skype is similar to SSL in that department.
And we all know how secure that is.
Oh, wait....
Sig Battery depleted. Reverting to safe mode.
You just have to Bing! it.
Help stamp out iliturcy.
I notice that "tapping" Skype is always a matter of compromising one of the end points. I presume it's harder to tap Skype in transit as traffic can take any old route via the Internet - or that's the impression we should get.
Insert
I've tried Symantec products. This could not be true.
If they wrote a virus it would have a 500MB install and you'd have to click the EULA four times. It would take 90% of CPU and 90% of RAM while doing nothing and require 100% of everything for a couple of hours to update before it could do something. The updater would break and you'd have to reinstall Windows, then the update prep package, and then the virus to get it to activate at all. And when it was finally working, it would break before connecting to its control server.
If you wanted a virus that bad, you might as well install Windows 98. At least the user interface would be similar to Symantec.
Help stamp out iliturcy.
Now, this WOULD be news or at least newsworthy if there was a program that allows a MITM attack to encrypted Skype communication. But let's be honest, what do we have here?
1) A program, installed on the affected computer
2) Which messes with what's being done by a certain other program
3) Which creates a log of the data being sent to and from this program (after decryption of said data)
4) Which sends that data to a predetermined server
That's not news. That's been done for at the very least 5 years now. The difference is maybe that this time we're talking about MP3s instead of text files. Yes, that's more data being transferred. Else?
The oh-so-terribly-secure encryption of Skype means jack in that context. At some point in the lifetime of the program, the data has to be decrypted so the person having the conversation can actually understand what is said. This has to be done in a format the audio driver is able to process, thus has to follow a standard. You tap into the data after decryption on receive and before decryption on send. Just as it's done with the oh-so-secure connections to your bank, PayPal and EBay when you have a trojan listening in your machine.
So, again, where's the news? That it's now audio data instead of text?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Once a friend in IT security mentioned that he'll install Skype only on a carefully firewalled virtual machine, with nothing else on it. Now there is one more reason to believe him. 'Skype' and 'security' just don't go well together.
But Skype users are NOT the intended customer. Seriously, this being no big surprise along with its closed source and Z-fone incompatibility, makes Skype a real loser. The only thing that makes them attractive is they have marketshare. People love being able to search other people they already know (as facebook) and connect with them, regardless of the application's insecure nature.
I find the hype on this very misleading. Once I install an operating system modification that exists in the address space of an application, I can fairly well do whatever I want. This one happens to target Skype. Similar ones could just as easily have targeted browser logins and passwords, or ssh.
Worst Job Ever: Being the poor guy that has to listen to all these random conversations in the hopes that something not retarded will be said...
yvan eht nioj
So we discuss "Coder of Swiss Wiretapping Trojan Speaks Out" on Aug 26; http://it.slashdot.org/article.pl?sid=09/08/26/144249, in which TFS says: "Last night, he published the source code of his Skype-Trojan under the GPL." (http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/), and now the Einsteins at Symantec "claims to have found the public release of source code". Fucking brilliant.
I've been trying to record my calls. I've used xvidcap and that works ok for the video but not for the sound so far. If this bug/flaw/virus ever does impact linux I'm sure it will fail about 80% of the time because it's hard to do this on purpose!
Stupidity is its own reward.
I used to work for a callcenter, and absolutely everything was recorded.
The recordings started as uncompressed WAV files. With a callcenter of ~100 seats, they took up about 6 GB/day. After we moved to daily MP3 encoding, at bit rates much higher than would have probably been required for the legal CYA the recordings were made for, three to four days' worth of recordings fit on a single DVD-R.
We used LAME with that -V2 switch I think.
Boot Windows, Linux, and ESX over the network for free.