Skype Trojan targets Windows; Linux and Apple unaffected

A programmer who wrote a Trojan that allows third parties to listen to Skype calls has released the code so that computer security firms can develop countermeasures.


A programmer who wrote a Trojan that allows third parties to listen to Skype calls has released the code so that...

computer security firms can develop countermeasures.

Reuben Unteregger, 33, formerly with Swiss-based ERA IT Solutions and now the owner of, said in an interview with last week that the code was developed for Windows XP systems, but would probably also work with later and earlier Microsoft operating systems. Linux and Apple systems are unaffected by it.

Symantec, which calls the Trojan Peskyspy (Trend calls it Skytap), said, "When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM (pulse code modulated) audio data going between the Skype process and underlying audio devices.

"Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level," Symantec said.

It then encodes the audio file as an mp3 file with a time and date stamp and sends it to the Trojan's "owner".

Symantec rated it very low risk.

The Trojan Unteregger released is without the plug-in system in the backdoor and the firewall bypassing system, effectively neutering it. "If you don't like this well, I can't help you. That's how it is. Take it or leave it," he said on his website.

He added that he may release the missing parts later.

From Unteregger's interview with, it appears the Trojan was developed for Swiss and possibly German law enforcement agencies. He suggested that his software was one of many similar programs used by the authorities to monitor people.

"Obviously there is a lucrative market in this area which isn't saturated at all, because due to the quickly developing technology there are always new niches and therefore new solutions are created also from private companies," he said.

A Skype spokesman said Trojan.Peskyspy did not exploit Skype's software itself. "In this case, malicious code writers have released a Trojan that affects Microsoft Windows audio components, which, like many audio applications, Skype uses," he said.

The spokesman said Skype strongly recommended that users follow security best practices such as keeping their anti-virus and other software patched and up to date, and using a personal firewall.



Enjoy the benefits of CW+ membership, learn more and join.

This Content Component encountered an error



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: