Skype Trojan lends an unsympathetic ear

Filed Under: Malware, SophosLabs

It looks like a new Trojan for Skype has been written, and the source code distributed. A "researcher" wrote and published this Trojan (the author himself calls it a Trojan) "for educational purposes only". Enough said.

The Trojan injects a DLL component into a running Skype process. The DLL then hooks the "send" and "recv" APIs in that process, redirecting them to the Trojan's own custom functions. This allows the Trojan to extract and save the audio and video data, and send it back to the attacker. We're detecting both the executable and the injected DLL as Troj/Skytap-Gen based on samples we've seen so far.
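One way a defender could spot the DLL injection described above, as an added example that is not from the original post or from the Trojan's code. It assumes Sysmon-style image-load events (Event ID 7) are being collected; the trusted directories, the Skype install path, the event records and the DLL name are all constructed for illustration.

```python
import ntpath

# Directories Skype is expected to load code from (assumed baseline; adjust per host).
TRUSTED_DIRS = [r"C:\Windows\System32", r"C:\Windows\SysWOW64",
                r"C:\Program Files (x86)\Skype\Phone"]

SKYPE = r"C:\Program Files (x86)\Skype\Phone\Skype.exe"       # assumed install path
TAP = r"C:\Users\alice\AppData\Local\Temp\example_tap.dll"    # hypothetical DLL name

# Constructed Sysmon Event ID 7 (image loaded) records, not from a real sample.
EVENTS = [
    {"Image": SKYPE, "ImageLoaded": r"C:\Windows\SysWOW64\ws2_32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": SKYPE, "ImageLoaded": TAP,
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": TAP,
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": SKYPE, "ImageLoaded": r"C:\Windows\System32evil\ws2_32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def in_trusted_dir(path):
    """True if path lies under a trusted directory (case-insensitive, whole components)."""
    p = ntpath.normcase(ntpath.normpath(path))
    for d in TRUSTED_DIRS:
        # Trailing separator stops "System32evil" from matching "System32".
        root = ntpath.normcase(ntpath.normpath(d)) + "\\"
        if p.startswith(root):
            return True
    return False

def suspicious_loads(events, process_name="skype.exe"):
    """Return (dll_path, reasons) for module loads into the watched process that break the baseline."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["Image"]).lower() != process_name:
            continue  # only module loads inside the Skype process are of interest
        reasons = []
        if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned-or-invalid-signature")
        if not in_trusted_dir(ev["ImageLoaded"]):
            reasons.append("outside-trusted-dirs")
        if reasons:
            findings.append((ev["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for dll, reasons in suspicious_loads(EVENTS):
        print(dll, "->", ", ".join(reasons))
```

This flags the unexpected module load itself; it does not inspect whether "send" or "recv" have been hooked, which would need a separate in-memory integrity check.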

The code leverages the fact that, however cleverly Skype secures the data while it's being transmitted between callers, it is still possible to jump in at either end of the call and intercept the conversation if done carefully.

And of course this is yet another reminder that trust is a dangerous game. In this case, you yourself can be secured to the hilt, but if the person you're talking to on Skype has a Trojan installed then it's still going to steal the words right out of your mouth.

Image source: aussiegall's Flickr photostream (Creative Commons 2.0)
