Have you ever used Skype? Do you ever think that your conversations with friends or family may be wiretapped? You would be wrong to say “No”!
Skype uses public encryption method to protect online transaction data; if hacker might have the data, he still needs to decrypt it to get the original messages. However, a newly emerged malware (which is recognized as W32.Peskyspy.Trojan by Bkav) with embedded module for eavesdropping Skype conversations is working more than effectively today.
Technically, this Trojan intercepts the transmitting process between Audio device driver and Skype process
Peskyspy’s wiretapping technique
By inline hooking into direct sound and Windows multimedia library’s functions, Peskyspy can record the data being transmitted between Skype and Audio devices. It then extracts the audio data, saves it to MP3 format and sends it to hacker. Additionally, this Trojan also includes some other modules such as: Backdoor, bypass Firewall etc. but there is no module for self-spreading. The impact by the Trojan up to now is thus not really important. Unfortunately, the open source code of Skype recording module has been publicly provided by Ruben Unteregger (33, programmer, ERA IT Solutions) on his private website (http://www.megapanzer.com/......). It is a possibility that this module or its improved version may be added to some viruses for wiretapping any conversations through VoIP services. Thus, in order to prevent eavesdroppers on your system, we recommend that you constantly update the latest anti-virus program on your computer and at the same time raise the awareness on information security while surfing the net.
By Nguyen Cong Cuong, Senior Malware Researcher - Bkis