Technology news and Jobs arrow VIRTUALISATION arrow Skype trojan source code publicly available
Skype trojan source code publicly available E-mail
by David Heath   
Tuesday, 01 September 2009
Source code for a Skype trojan which is able to capture conversations and deliver them to the 'owner' is now available.

Featured Whitepaper

5 Best Practices for Smartphone Support
For the impatient types, I suggest you wander over to this site to get your own copy of the trojan.

Interestingly, also on the megapanzer site is an interview with the author of the Trojan.  His background is fascinating: "For about seven years, Ruben Unteregger has worked as a software-engineer for the Swiss company ERA IT Solutions. His job there was to code malware that would allow to invade PCs of private users. ERA IT Solutions should in particular be involved in constructing trojans which allow the wiretapping of VoIP calls. If he doesn't want to pay a penalty for breach of contract, he has to remain silent about the customers of the company. Simultaneously to this Interview, Mr. Unteregges wants to publish the source code of his trojan and make it available to the public."  I suggest you read the entire absorbing interview.

According to Virustotal the Trojan is currently detected ONLY by Symantec, although this should change in the next day or so.  On their own website, Symantec name it Trojan.Peskyspy and describe it:

"When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices.

"Note: Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.

"It then saves the audio data to .mp3 files with the following file names and stores it in a predetermined folder:

[PREDETERMINED FOLDER NAME]\[CALLER ID]-[PACK NUMBER]-SkypeOut-[YEAR-MONTH-DAY-HOUR-MINUTE-SECOND].mp3
[PREDETERMINED FOLDER NAME]\[CALLER ID]-[PACK NUMBER]-SkypeIn-[YEAR-MONTH-DAY-HOUR-MINUTE-SECOND].mp3

"Note: The incoming and outgoing audio data are stored in separate .mp3 files."

Later reporting suggests that both Sophos and AhnLab are also able to detect this malware.

Currently, there is no news on how prevalent the virus is in the wild, nor how many variants the script kiddies might develop.

As always, the advice is to keep yourself as protected as possible.

Tags See All Tags


David Heath  Skype  Trojan 
Powered By Joomla Tags

Please enable JavaScript in your browser to post your comment!
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
 694,279
Subscribers 15,210
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

- Advertisement -

Featured Whitepapers

...More

Today on iTWireToday on iTWire

Latest news
Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire , Subscribe to SMS headlines , White Papers