A programmer who wrote a Trojan that allows third parties to
listen to Skype calls has released the code so that computer
security firms can develop countermeasures.
Reuben Unteregger, 33, formerly with Swiss-based ERA IT
Solutions and now the owner of
www.Megapanzer.com, said in
an interview with gulli.com last
week that the code was developed for Windows XP systems, but would
probably also work with later and earlier Microsoft operating
systems. Linux and Apple systems are unaffected by it.
Symantec, which calls the Trojan
Peskyspy (Trend calls it Skytap), said, "When the Trojan is
executed, it injects a thread into the Skype process and hooks a
number of API calls, allowing it to intercept all PCM (pulse code
modulated) audio data going between the Skype process and
underlying audio devices.
"Since the Trojan listens to the data coming to and from the
audio devices, it gathers the audio independently of any
application-specific protocols or encryption applied by Skype when
it passes voice data at the network level," Symantec said.
It then encodes the audio file as an mp3 file with a time and
date stamp and sends it to the Trojan's "owner".
Symantec rated it very low risk.
The Trojan Unteregger released is without the plug-in system in
the backdoor and the firewall bypassing system, effectively
neutering it. "If you don't like this well, I can't help you.
That's how it is. Take it or leave it," he said on his website.
He added that he may release the missing parts later.
From Unteregger's interview with gulli.com, it appears the
Trojan was developed for Swiss and possibly German law enforcement
agencies. He suggested that his software was one of many similar
programs used by the authorities to monitor people.
"Obviously there is a lucrative market in this area which isn't
saturated at all, because due to the quickly developing technology
there are always new niches and therefore new solutions are created
also from private companies," he said.
A Skype spokesman said Trojan.Peskyspy did not exploit Skype's
software itself. "In this case, malicious code writers have
released a Trojan that affects Microsoft Windows audio components,
which, like many audio applications, Skype uses," he said.
The spokesman said Skype strongly recommended that users follow
security best practices such as keeping their anti-virus and other
software patched and up to date, and using a personal firewall.