[ISN] Skype spy Trojan escapes into wild

From: InfoSec News <alerts_at_private>
Date: Mon, 31 Aug 2009 04:18:58 -0500 (CDT)
http://news.techworld.com/security/3200665/skype-spy-trojan-escapes-into-wild/

By John E. Dunn 
Techworld UK
28 August 09

Only days after Swiss programmer Ruben Unteregger released the source 
code for a Trojan he wrote three years ago to hack Skype phone calls, 
the inevitable has happened - someone has released it as a compiled 
piece of ‘faux' malware.

Unteregger posted the code on his website under a GLPv3 license, 
presumably in the hope that its publication would make it impossible to 
use against real users, having had second thoughts about the morality of 
his creation. He wrote the program in 2006 for a private company, ERA IT 
Solutions, which alledgedly sold it on to an agency of the Swiss 
government to use in remote surveillance activities.

Now Symantec and Trend Micro have reported that a Windows Trojan with 
remarkably similar characteristics has turned up in their detection 
systems, Trojan.PeskySpy in Symantec nomenclature, and Troj_Spayke.C to 
Trend. Neither company states openly that the Trojan detected is related 
to Unteregger's open source creation, but there are enough clues to 
forge a strong connection.

Symantec describes how the Trojan intercepts API calls to Skype, 
capturing and storing audio conversations as MP3 files with caller, 
date, day and time stamps to identify them, and SkypeOut and SkypeIn 
call designations. The Trojans then attempts to upload the recordings to 
pre-defined locations after detecting and attempting to bypass named 
firewall filters.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org
Received on Mon Aug 31 2009 - 02:18:58 PDT

This archive was generated by hypermail 2.2.0 : Mon Aug 31 2009 - 02:33:08 PDT