Trojan.Peskyspy beats Skype encryption through Windows API attack
Symantec’s analysis found that the Trojan, which it dubbed “Trojan.Peskyspy,” can record audio on a computer such as Skype calls, store the file locally as an encrypted mp3 and then relay it back to the hacker.
Trojan.Peskyspy is designed to beat Skype’s encryption, Symantec found. “Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level,” the company said.
The virus can attack the Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000 operating systems.
“The Trojan is targeting Windows API hooks, a technique used to alter the planned behavior of an application, that Microsoft has intended to be used by audio applications,” Symantec said.
On infected systems, it attempts to bypass certain firewall processes, potentially opening up a limited back door that would allow the attacker to send the recorded calls to a predetermined location, download an updated version of the Trojan, and delete the Trojan from the compromised computer, according to Symantec.
While the Trojan appeared to initially target Skype calls, Symantec’s Intel Security Team said that this attack could work against any popular VoIP application.
“We’d like to point out that its existence isn’t due to any problems with Skype itself,” the researchers said. “In this case, Skype has simply become a victim of its own popularity, most likely being targeted simply because it has such a large install base. This threat could just have easily been crafted to take advantage of any one of the myriad of other VoIP applications, and it’s likely we’ll see other threats in the future that do just that.”
Microsoft and eBay, Skype’s parent company, did not immediately respond to requests for comment on the Trojan.
Symantec said that the Trojan is more of a proof of concept than an immediate threat. Anyone with current anti-virus protection will be safe, and the Trojan is not designed to spread by itself. [InternetNews]
Post information: