
Skype spy Trojan escapes into wild




http://news.techworld.com/security/3200665/skype-spy-trojan-escapes-into-wild/ 

By John E. Dunn 
Techworld UK
28 August 09

Only days after Swiss programmer Ruben Unteregger released the source 
code for a Trojan he wrote three years ago to hack Skype phone calls, 
the inevitable has happened - someone has released it as a compiled 
piece of 'faux' malware.

Unteregger posted the code on his website under a GPLv3 license, 
presumably in the hope that its publication would make it impossible to 
use against real users, having had second thoughts about the morality of 
his creation. He wrote the program in 2006 for a private company, ERA IT 
Solutions, which allegedly sold it on to an agency of the Swiss 
government to use in remote surveillance activities.

Now Symantec and Trend Micro have reported that a Windows Trojan with 
remarkably similar characteristics has turned up in their detection 
systems, Trojan.PeskySpy in Symantec nomenclature, and Troj_Spayke.C to 
Trend. Neither company states openly that the Trojan detected is related 
to Unteregger's open source creation, but there are enough clues to 
forge a strong connection.

Symantec describes how the Trojan intercepts API calls to Skype, 
capturing and storing audio conversations as MP3 files with caller, 
date, day and time stamps to identify them, and SkypeOut and SkypeIn 
call designations. The Trojan then attempts to upload the recordings to 
pre-defined locations after detecting and attempting to bypass named 
firewall filters.

[...]

