Symantec researchers have observed the public availability of source code for a Trojan targeting users of Skype VoIP (Voice over IP). The Trojan has the capability to record Skype calls and send the conversations via an MP3 file back to the attacker, essentially acting as a wiretap and compromising confidentiality of a Skype phone call.
The Trojan is detected by Symantec as Trojan.Peskyspy and can be downloaded to a computer by way of tricking the user with an E-mail scam or other social engineering tactic. Once a machine has been compromised by this threat, the threat can use an application that handles audio processing within a computer and save the call data as an MP3 file. This MP3 is then sent over the Internet to a predefined server where the attacker can then listen to the recorded conversations. Recording the call as an MP3 keeps the size of the audio files low and means there is less data to be transferred over the network, helping to speed up the transfer and avoid detection.
The Trojan is targeting Windows API hooks, a technique used to alter the planned behavior of an application, that Microsoft has intended to be used by audio applications. The Trojan compromises the machine and then through the hooking technique is able to eavesdrop on a conversation before it even reaches Skype, or any other audio application.
At the moment, the risk posed by this threat is quite low and Symantec has not seen any evidence of this spreading at this early time. However, with source code now publicly available, malware writers can incorporate this type of functionality into their own customized threats. Computer users should follow security best practices, install and keep up-to-date security software, and not click on links in suspicious e-mails.
