Skype trojan source code publicly available

Source code for a Skype trojan which is able to capture conversations and deliver them to the 'owner' is now available.

For the impatient types, I suggest you wander over to this site to get your own copy of the trojan.

Interestingly, also on the megapanzer site is an interview with the author of the Trojan. His background is fascinating: "For about seven years, Ruben Unteregger has worked as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would allow to invade PCs of private users. ERA IT Solutions should in particular be involved in constructing trojans which allow the wiretapping of VoIP calls. If he doesn't want to pay a penalty for breach of contract, he has to remain silent about the customers of the company. Simultaneously to this Interview, Mr. Unteregger wants to publish the source code of his trojan and make it available to the public." I suggest you read the entire absorbing interview.

According to Virustotal the Trojan is currently detected ONLY by Symantec, although this should change in the next day or so.  On their own website, Symantec name it Trojan.Peskyspy and describe it:

"When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices.

"Note: Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.

"It then saves the audio data to .mp3 files with the following file names and stores it in a predetermined folder:

[PREDETERMINED FOLDER NAME]\[CALLER ID]-[PACK NUMBER]-SkypeOut-[YEAR-MONTH-DAY-HOUR-MINUTE-SECOND].mp3
[PREDETERMINED FOLDER NAME]\[CALLER ID]-[PACK NUMBER]-SkypeIn-[YEAR-MONTH-DAY-HOUR-MINUTE-SECOND].mp3

"Note: The incoming and outgoing audio data are stored in separate .mp3 files."
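The file-name pattern in Symantec's description can serve as a host triage check. The Python below is an added example, not code from Symantec or from this article; the concrete field formats (numeric pack number, six-part numeric timestamp), the function names and the sample paths are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Assumption: caller ID is free text, pack number is digits, and the timestamp
# is six dash-separated numeric fields; the quoted text gives placeholders only.
ARTIFACT_RE = re.compile(
    r"^(?P<caller>.+)-(?P<pack>\d+)-Skype(?P<direction>In|Out)-"
    r"(?P<ts>\d{4}(?:-\d{1,2}){5})\.mp3$", re.IGNORECASE)

def parse_artifact(path):
    """Return parsed fields if the file name fits the described pattern, else None."""
    m = ARTIFACT_RE.match(PureWindowsPath(path).name)
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%Y-%m-%d-%H-%M-%S")
    except ValueError:  # numeric fields that are not a real date and time
        return None
    return {"caller": m["caller"], "pack": int(m["pack"]),
            "direction": m["direction"].capitalize(), "when": when}

def triage(paths):
    """Group hits per folder and list callers that have both In and Out files."""
    by_folder = defaultdict(lambda: defaultdict(set))
    counts = defaultdict(int)
    for p in paths:
        hit = parse_artifact(p)
        if hit:
            folder = str(PureWindowsPath(p).parent)
            by_folder[folder][hit["caller"]].add(hit["direction"])
            counts[folder] += 1
    return {f: {"files": counts[f],
                "paired_callers": sorted(c for c, d in callers.items() if len(d) == 2)}
            for f, callers in by_folder.items()}

SAMPLE = [  # constructed listing for illustration, not from a real host
    r"C:\Users\bob\AppData\Local\Temp\x\alice.smith-1-SkypeIn-2009-08-27-10-15-02.mp3",
    r"C:\Users\bob\AppData\Local\Temp\x\alice.smith-1-SkypeOut-2009-08-27-10-15-02.mp3",
    r"C:\Users\bob\AppData\Local\Temp\x\john-doe-2-SkypeOut-2009-08-27-11-00-40.mp3",
    r"C:\Users\bob\Music\Artist-01-Track-2009.mp3",
    r"C:\Users\bob\Music\demo-1-SkypeIn-2009-13-40-99-99-99.mp3",
]

if __name__ == "__main__":
    for folder, info in triage(SAMPLE).items():
        print(folder, info)
```

A folder where the same caller ID appears with both SkypeIn and SkypeOut files is a stronger signal than a single name match, since the description says the two directions are stored separately.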

Later reporting suggests that both Sophos and AhnLab are also able to detect this malware.

Currently, there is no news on how prevalent the Trojan is in the wild, nor how many variants the script kiddies might develop.

As always, the advice is to keep yourself as protected as possible.