Slashdot Mirror


Skype Trojan Can Log VoIP Conversations

Slatterz writes "Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users. Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission. An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations."

37 of 151 comments

  1. Platforms... by Slur · · Score: 2, Interesting

    Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?

    --
    -- thinkyhead software and media
    1. Re:Platforms... by Anonymous Coward · · Score: 5, Funny
    2. Re:Platforms... by mckinleyn · · Score: 4, Insightful

      PCs to most people are the scary blinky box in the corner. PCs to some are any x86 machine (Macs included). The original acronym means Personal Computers, as you stated. By that definition, my cell phone is a PC. While some may argue the point, it seems most likely that when the average /.er says PC, they mean x86, running Windows.

    3. Re:Platforms... by Chris Tucker · · Score: 4, Insightful

      You know, I'd rather have a homophobic retard bigot like you think I was gay, rather than having a gay person think I was a homophobic retard bigot.

      Like you.

      --
      Guaranteed! This comment 100% Anthrax free!
    4. Re:Platforms... by m50d · · Score: 2, Interesting
      While some may argue the point, it seems most likely that when the average /.er says PC, they mean x86, running Windows.

      Given how many Linux users (or people liking to pretend they're Linux users) there are here, I'd say you're wrong.

      --
      I am trolling
  2. Conspiracy by No Lucifer · · Score: 3, Funny

    Somehow, Oprah's got to be behind this...

  3. This is IMPOSSIBLE by Anonymous Coward · · Score: 3, Funny

    Skype Trojan Can Log VoIP Conversations

    Skype sells condoms now???!?

  4. Sounds familiar... by piemonkey · · Score: 5, Informative
    1. Re:Sounds familiar... by Zen Hash · · Score: 5, Informative

      I wonder if they're talking about this trojan http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out

      Yep. Apparently some news site picked it up a week later and wrote their own article without the original details, making it front page news all over again. The only thing new is that Symantec gave it a goofy name.

      --
      Here I sit, all broken hearted.
      Came to poop, but only farted.
  5. Re:I'm safe by master5o1 · · Score: 4, Insightful

    Good point. If it can't access an mp3 encoder, then it can't record it to an mp3. On the other hand, what stops it from using any available audio encoder installed?

    --
    signature is pants
  6. How can you hide this? by bistromath007 · · Score: 3, Insightful

    Wouldn't this quickly take enough disk space to be easily noticeable?

    1. Re:How can you hide this? by Darkk · · Score: 3, Insightful

      Nope. You'd hardly notice it sitting on your 1.5TB hard drive since low-bitrate voice MP3s are usually pretty small. Betcha the trojan would store the files in the ole temp folder of IE along with other junk files.

      Pretty slick idea for a trojan, but boring to listen to millions of conversations that have little value. Only thing I can think of is that the trojan author would use some kind of speech recognition software to look for phrases like "passwords" or "credit card info".

      Sadly, I rarely download software anymore due to concerns about backdoors or trojans, as it's a money game now.

    2. Re:How can you hide this? by brusk · · Score: 4, Interesting

      If you could track the numbers called (on skypeout), you might be able to identify calls to banks, credit card companies, etc., and listen only to those.

      --
      .sig withheld by request
    3. Re:How can you hide this? by armie · · Score: 2, Informative

      There are a lot of automated banking by phone facilities that rely on the user entering their account numbers and passwords via the keypad. An attacker won't even need sophisticated speech recognition software - all they need is software looking for DTMF tones.

  7. Doesn't seem terribly practical by digitalme2 · · Score: 3, Insightful

    Seems more like something that would be used by investigators, employers, jealous partners, and their like. As TFA says, "The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest." The idea is so obvious that this is likely why we haven't seen this before.

    1. Re:Doesn't seem terribly practical by girlintraining · · Score: 3, Interesting

      "The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest."

      You seem to be laboring under the idea that using speech recognition software would not occur to these people, or that the cost of transcription would be higher than the benefit received. First, it's already in widespread use in certain industries. Second, some targets are going to yield much better information than others -- you're correct that if you target 100,000 random Skype phone conversations you won't get much. But what if you only targeted people using it between the hours of 9am and 5pm who had job titles and functions associated with financial data?

      Suddenly, you've got yourself a viable criminal enterprise.

      --
      #fuckbeta #iamslashdot #dicemustdie
  8. Re:MODERATORS! THIS IS A 911 -=EMERGENCY=- by pitterpatter · · Score: 2, Funny

    I'd mod him up if he wasn't posting AC

    Oh, and if I wasn't posting

    And if I had mod points

  9. Source Code Available Here by AgentOJ · · Score: 5, Informative

    It appears that a guy named Ruben Unteregger published the source code on his site at http://www.megapanzer.com/source-code/#skypetrojan

    According to his site, he removed a plugin system from the source as well as code to bypass firewalls, but he'll add it back in at a later date.

    From looking at the source, this is heavily geared toward Windows, so the current iteration of the source doesn't affect OS X at this time.

    1. Re:Source Code Available Here by chrb · · Score: 2, Informative

      Yes, you may remember the recent Slashdot discussion on this exact topic.

  10. Surprised this actually works by jonwil · · Score: 3, Funny

    Given all the DRM Microsoft is adding to Windows at the behest of the MPAA and RIAA, I am surprised that an app can even GET access to the raw audio anymore.

    1. Re:Surprised this actually works by icebike · · Score: 4, Insightful

      Audio (and everything else) sent by Skype is encrypted.

      That is why you need to install a Trojan ON the target machine. This Trojan grabs it AFTER it has been decrypted by Skype.

      Because it is running locally it should be detectable.

      Because they chose the trojan route, you can be reasonably assured that breaking the encryption is harder and more troublesome than sneaking into your house and installing a trojan or tricking you into installing it for them.

      --
      Sig Battery depleted. Reverting to safe mode.
  11. source by Zen Hash · · Score: 5, Informative

    Does this affect the Mac OS X version, or does at least one of the callers have to be on a PC?

    It's written for Windows, like usual, and at least one of the callers would have to be infected.

    Source: http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/

    --
    Here I sit, all broken hearted.
    Came to poop, but only farted.
  12. Attn: Sir by Anonymous Coward · · Score: 5, Funny

    Honoured friend,

    Forgive me this unusal contact, but the circumstanes of perfection are such.

    My name is Ringotha Dingo. I am an administrator at the European/African Internet Facility.

    Through my work, and the unfortunate death of my colleage, I have available to me many unused and unencrypted, cross platform Moderator points. I would be most eager to benefit you with them; however, due to a revolution in my country I am unable to access my computer network. This can be arranged by my agent in London. Please contact him directly, and reference the small agreement that you might benefit me with so that I might flee my country with my wife and two children.

    I am awaiting your abrupt reply. And will immediately have you sent an bankers draft by email if you will provide me with such.

    All my good fortunes to you!

    Ringotha Dingo
    Adminsistrator African Europeein Internets
    Toob Farm, Sweatn Bongos
    Gontoofar Way

  13. Re:Larger problem than Windows. by maeka · · Score: 2, Funny

    OnStar and cell phones have been used by law enforcement to listen in on people. Both have the computational power to record and do voice recognition for keywords.

    Really?
    My phone comically confuses the most basic of voice commands, but I should be afraid it is scraping my calls for keywords?

  14. Re:I'm safe by chrb · · Score: 3, Insightful

    What stops the trojan from statically linking an mp3 encoder? Or just downloading a dynamic library if there are size constraints?

  15. So what? by Anonymous Coward · · Score: 2, Funny

    This is no worse than the US Department of Homeland Security does on an ordinary weekday. So, why should I be concerned? I don't have anything to worry about, since I don't have anything I need to hide! We should trust the hackers to use their authority responsibly.

  16. Re:Does it... by n0dna · · Score: 2, Funny

    Yup. You're missing something. They hide those kind of details in the article.

    Go ahead. Read it. I won't tell anyone.

  17. Re:I'm safe by ksatyr · · Score: 5, Funny

    That would be LAME.

  18. Symantec should read by zcold · · Score: 5, Informative

    Slashdot... Didn't the person who created this release this open source before the weekend?? Symantec is a little slow on the ball... http://it.slashdot.org/story/09/08/26/144249/Coder-of-Swiss-Wiretapping-Trojan-Speaks-Out

    --
    you know you can fry stuff putting things into things that dont like the things you put into it...
  19. Bastards! by Runaway1956 · · Score: 4, Funny

    As usual, I see no Linux support at all. I've almost made up my mind to format and install Windows again. Damn those rat bastard virus writers! Always forgetting us lusers!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  20. Re:Larger problem than Windows. by RobVB · · Score: 2, Funny

    Having worked in communications for both government and private organizations for ten years, I can tell you there's some interesting stuff out there.

    But you can't actually tell us anything specific about the interesting stuff out there without having to kill us, right?

    --
    I'd rather you rationally disagree than irrationally agree.
  21. Re:Larger problem than Windows. by palegray.net · · Score: 2, Interesting

    Nah, I wouldn't have to kill you. I'd just go to prison for a long time.

  22. RIAA to the rescue... by marciot · · Score: 5, Funny

    I'm gonna call myself and play all my CDs through Skype. That way the RIAA will unleash their pack of lawyers on the scammer who illegally downloads all those songs as MP3s off my computer.

  23. Re:I'm safe by Spatial · · Score: 4, Funny

    Nonsense. LAME ain't an mp3 encoder!

  24. Re:Larger problem than Windows. by palegray.net · · Score: 2, Insightful

    The general idea that monitoring systems have been in place for a long time (and continue to evolve) is nothing new. The specifics of what's actually deployed now and how it operates are not, however, public knowledge. That's what people go to jail over, as they rightfully should, not the basic premise that (shock of shocks) telcos can monitor what goes across their networks.

    But I'm sure that's what you really meant, right?

  25. I've tried Symantec products by symbolset · · Score: 5, Funny

    I've tried Symantec products. This could not be true.

    If they wrote a virus it would have a 500MB install and you'd have to click the EULA four times. It would take 90% of CPU and 90% of RAM while doing nothing and require 100% of everything for a couple of hours to update before it could do something. The updater would break and you'd have to reinstall Windows, then the update prep package, and then the virus to get it to activate at all. And when it was finally working, it would break before connecting to its control server.

    If you wanted a virus that bad, you might as well install Windows 98. At least the user interface would be similar to Symantec.

    --
    Help stamp out iliturcy.
  26. Symantec geniuses can click a /. link by uassholes · · Score: 2, Interesting

    So we discuss "Coder of Swiss Wiretapping Trojan Speaks Out" on Aug 26; http://it.slashdot.org/article.pl?sid=09/08/26/144249, in which TFS says: "Last night, he published the source code of his Skype-Trojan under the GPL." (http://www.megapanzer.com/2009/08/25/skype-trojan-sourcecode-available-for-download/), and now the Einsteins at Symantec "claims to have found the public release of source code". Fucking brilliant.