Thursday, September 3, 2009

Do you Skype?

Trojan Could Enable Attackers To Eavesdrop On Skype Calls
Exploit saves conversations as MP3 files to make detection more difficult, researchers say

Aug 28, 2009 | 04:55 PM
By Tim Wilson
DarkReading

Security researchers at Symantec have observed the public availability of source code for a Trojan that targets users of the Skype voice over IP service.

The Trojan has the ability to record audio from the computer -- including any Skype calls in progress -- and store the files locally in an encrypted MP3 file, where they can later be transmitted to the attacker.

The Trojan, which Symantec calls Trojan.Peskyspy, can be downloaded to a computer by tricking the user with an email scam or other social engineering tactic, Symantec says. Once a machine has been compromised, the threat can exploit an application that handles audio processing within a computer and save the call data as an MP3 file.

The MP3 is then sent over the Internet to a predefined server, where the attacker can listen to the recorded conversations, Symantec reports. "Recording the call as an MP3 keeps the size of the audio files low and means there is less data to be transferred over the network, helping to speed up the transfer and avoid detection," the company says.

The Trojan targets Windows API "hooks" -- a technique used to alter the planned behavior of an application, which Microsoft designed for use by audio applications. The Trojan compromises the machine and then uses the hooking technique to eavesdrop on a conversation before it even reaches Skype or any other audio application, Symantec says.

"At the moment, the risk posed by this threat is quite low, and Symantec has not seen any evidence of this spreading at this early time," the researchers say. "However, with source code now publicly available, malware writers can incorporate this type of functionality into their own customized threats."

No comments: