Skype Trojan lends an unsympathetic ear


It looks like a new Trojan for Skype has been written, and the source code distributed. A “researcher” wrote and published this Trojan (the author himself calls it a Trojan) “for educational purposes only”. Enough said.

The Trojan injects a DLL component into a running Skype process. The DLL then hooks the “send” and “recv” APIs in this Skype process, redirecting them to the Trojan’s own custom functions. This allows the Trojan to extract and save the audio and video data, and send it back to the attacker. We’re detecting both the executable and the injected DLL as Troj/Skytap-Gen based on samples we’ve seen so far.
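One way a defender can look for this kind of hook is to check that the Winsock calls in the Skype process still land inside ws2_32.dll. The sketch below is an added example, not code from this post or from the Trojan; the snapshot format, module names, paths and addresses are constructed, and in practice would come from a memory-forensics or EDR tool.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    name: str
    base: int      # load address in the process
    size: int      # size of the mapped image
    path: str
    signed: bool   # whether the file on disk carries a valid signature

def owner(modules, addr):
    """Return the module whose mapped range contains addr, or None."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m
    return None

def find_hooks(modules, resolved, expected="ws2_32.dll"):
    """Flag APIs whose call target lies outside the expected module."""
    findings = []
    for api, addr in sorted(resolved.items()):
        m = owner(modules, addr)
        if m is None:
            # Target is in memory not backed by any loaded image
            findings.append((api, hex(addr), "unbacked memory"))
        elif m.name.lower() != expected:
            findings.append((api, hex(addr), m.path))
    return findings

def unsigned_modules(modules):
    """List unsigned images loaded in the process, for follow-up."""
    return [m.path for m in modules if not m.signed]

# Constructed snapshot of a Skype process (hypothetical values)
MODULES = [
    Module("Skype.exe", 0x00400000, 0x01A00000,
           r"C:\Program Files\Skype\Phone\Skype.exe", True),
    Module("ws2_32.dll", 0x71AB0000, 0x17000,
           r"C:\Windows\System32\ws2_32.dll", True),
    Module("helper.dll", 0x10000000, 0x8000,
           r"C:\Users\user\AppData\Local\Temp\helper.dll", False),
]
# Where each Winsock call actually ends up when Skype invokes it
RESOLVED = {"send": 0x10001230, "recv": 0x10001580, "connect": 0x71AB4A07}

if __name__ == "__main__":
    for api, addr, where in find_hooks(MODULES, RESOLVED):
        print(f"{api} -> {addr} in {where}")
    print("unsigned:", unsigned_modules(MODULES))
```

A hit on both checks for the same DLL (unsigned, loaded from a user-writable path, and now the destination of send and recv) is a strong reason to pull that file for analysis.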

The code leverages the fact that, however cleverly Skype secures the data while it’s being transmitted between callers, it is still possible to jump in at either end of the call and intercept the conversation if done carefully.

And of course this is yet another reminder that trust is a dangerous game. In this case, you yourself can be secured to the hilt, but if the person you’re talking to on Skype has a Trojan installed then it’s still going to steal the words right out of your mouth.

Image source: aussiegall’s Flickr photostream (Creative Commons 2.0)