AfterDawn: Tech news

Symantec warns about public release of Skype-recording Trojan code

Written by James Delahunty (Google+) @ 01 Sep 2009 1:37 User comments (16)

Symantec warns about public release of Skype-recording Trojan code Computer security firm Symantec has issued a warning following the public release of concept code for a Trojan that can record Skype conversations and transfer them to an attacker. Trojan.Peskyspy records the conversations as MP3 and can then deliver the MP3 recordings to a specific server over the Internet.
Symantec is not looking to cause panic about the publicly released source code since security products could be now updated to detect it. Instead, Symantec deems it likely that malware authors will include it in their malware packages, many of which are built solely for stealing information on infected machines.

The release of the code was not for malicious reasons either, but rather to highlight a big problem with mass-communication using software like Skype, which now evidently can only be as secure as the computer it is installed on.

Previous Next  

16 user comments

11.9.2009 1:55

"The release of the code was not for malicious reasons either, but rather to highlight a big problem with mass-communication using software like Skype, which now evidently can only be as secure as the computer it is installed on."

Isn't this true of all software? Heck, conventional phones networks and cell networks can also be hacked and recorded...what's the big deal?

Symantec needs to focus on making a virus scanner that works efficiently, and to making virus definitions available within 5 years of a virus being identified...rather than pointing out the obvious, and doing nothing about it.

21.9.2009 4:03

This is really showing that viruses and other nasty's have upgraded as well. Although this feature can be given to governments to spy on peoples convos like taping phone lines.

31.9.2009 4:41
pphoenix
Inactive

so now not only can corporations & governments abuse this so can the whole population of the globe, cool lets hope this exploit is fixed so we can all get back to private conversations without elitists spying.

isn't there exploits with the oyster card (London UK), voting machines, atm's, ID Cards, ect that ppl have been gagged from releasing the source code for, so governments/corporations, can fix these issues that to the best of my knowledge still have yet to be fixed?

why would a corporation/government allow a exploit to remain in place exactly?

41.9.2009 11:08

Originally posted by KillerBug:
"The release of the code was not for malicious reasons either, but rather to highlight a big problem with mass-communication using software like Skype, which now evidently can only be as secure as the computer it is installed on."

Isn't this true of all software? Heck, conventional phones networks and cell networks can also be hacked and recorded...what's the big deal?

Symantec needs to focus on making a virus scanner that works efficiently, and to making virus definitions available within 5 years of a virus being identified...rather than pointing out the obvious, and doing nothing about it.
It's true of all software but that's not the point... Internet-based communication services like Skype are being picked up by business from small-size to large... and this is the first piece of software developed specifically to record Skype phone calls and then upload the MP3 recordings to a specific location. If you tap a telephone network you have to do physical work to do it, and cellular networks are very secure.

As for Symantec software, granted I don't use any of the big name anti-virus or anti-spyware tools, but Symantec also develops free removal tools for some of the nastiest infections that you can get... besides, it's their job to comment on anything new... not EVERY comment from a profit-seeking company is worth automatic criticism...

51.9.2009 13:24

Dela are you ok matey? No I am not being sarcastic. Lately you have made a few scathing attacks on folks. Take it easy matey.

As for symantec they are usually pretty good at creating removal tools. Heck they even created a removal tool for their own software, which was/is pretty dam hard to uninstall completely. But why are these tools not included in their software as standard. I think they are creating bloatware that looks nice and isn't very effecient. Once upon a time I used kaspersky or nod32 but lets be honest (apart from playing the latest games) who on earth would use windows in the first place!!!

P.S. Please don't shoot the messenger:P Just trying to lighten you up a bit matey.

61.9.2009 15:05

Quote:
who on earth would use windows in the first place!!!
PC Gamers would

71.9.2009 15:56

Originally posted by joe777:
(apart from playing the latest games) who on earth would use windows in the first place!!!
Maybe you didn't notice that part of my post fella.

81.9.2009 16:14

Oh wow, sorry. I didn't see it. I feel dumb now. My bad

91.9.2009 21:01

Originally posted by joe777:
Dela are you ok matey? No I am not being sarcastic. Lately you have made a few scathing attacks on folks. Take it easy matey.

As for symantec they are usually pretty good at creating removal tools. Heck they even created a removal tool for their own software, which was/is pretty dam hard to uninstall completely. But why are these tools not included in their software as standard. I think they are creating bloatware that looks nice and isn't very effecient. Once upon a time I used kaspersky or nod32 but lets be honest (apart from playing the latest games) who on earth would use windows in the first place!!!

P.S. Please don't shoot the messenger:P Just trying to lighten you up a bit matey.
Hmm, I didn't attack anybody there lol, it was an opinion - remember the following: "text has no tone of voice", don't assume that you know somebody's mood when they type. As for the removal tools, some infections, such as Win32/Virut, can't be removed by anti-virus if the anti-virus can't run. Virut is an example of Polymorphic code. It's a file infecter that infects executable files - which means it can easily affect the running processes of Symantec software and all others - therefore a removal tool will check for it, and if found, it will reboot the computer immediately and remove it outside of Windows. That's just one example among many of why stand-alone removers are a good idea.

101.9.2009 23:03

Hey dela maybe I should have said scathing comments instead of attacks (like the other post when someone suggested that they found it a slow news day and you used bold text write that you were pissed off with their comment).
But anyway the AV cannot detect infections on the fly so to speak? The bloodhound feature in symantecs bloatware isn't detecting the virus as soon as it arrives on the HDD. Windows might be to blame for this threat because their kernel is broken by default:P but certain AV's like symantec are to blame for not keeping up with the game so I suppose they are also broken by default eh. Symantec are good at writing removal tools but their ability of detection is very poor, which seems very strange to me. A bit like closing the stable door once the horse has bolted, cause anybody in their right mind will clean install the OS after its been infected. Maybe use the removal then clean install, or boot cd retrieve and clean install. Ahh the excitement of russian roulette when playing with windows boxes, how are the chips stacked today:P

And hey I wasn't having a go at you. Just thinking that you have been peeved off for a while and me showing some consideration for staff who help keep the site running was all I was saying.
Stay lucky, peace.

112.9.2009 0:46

Quote:
Originally posted by joe777:
Dela are you ok matey? No I am not being sarcastic. Lately you have made a few scathing attacks on folks. Take it easy matey.

As for symantec they are usually pretty good at creating removal tools. Heck they even created a removal tool for their own software, which was/is pretty dam hard to uninstall completely. But why are these tools not included in their software as standard. I think they are creating bloatware that looks nice and isn't very effecient. Once upon a time I used kaspersky or nod32 but lets be honest (apart from playing the latest games) who on earth would use windows in the first place!!!

P.S. Please don't shoot the messenger:P Just trying to lighten you up a bit matey.
Hmm, I didn't attack anybody there lol, it was an opinion - remember the following: "text has no tone of voice", don't assume that you know somebody's mood when they type. As for the removal tools, some infections, such as Win32/Virut, can't be removed by anti-virus if the anti-virus can't run. Virut is an example of Polymorphic code. It's a file infecter that infects executable files - which means it can easily affect the running processes of Symantec software and all others - therefore a removal tool will check for it, and if found, it will reboot the computer immediately and remove it outside of Windows. That's just one example among many of why stand-alone removers are a good idea.
A good virus scanner would never have allowed the virus to infect the system in the first place. A decent virus scanner would at least keep itself from becoming infected by a virus that was old when the virus scanner was released. An average virus scanner can restart the system and delete/clean viruses durring the boot. Symantec does none of these things, so it is clearly very below average. As if this was not bad enough, it costs money, uses lots of system resources, and will not uninstall. It also misses most viruses, while detecting many false-positives. The only thing seperating Symantec from a virus is the fact that viruses are free.

122.9.2009 14:59

I've never been fond of Norton/Symantec and their track record not to mention rumors of back doors being left in their products for the FBI and proven back doors found in Norton corporate if you recall the scandal several years ago. What sucks is I even had that version :(

I'd side with Nod32 or Kaspersky. Tried Avira recently and it's heuristic scanning had so many false positives (unless acer loaded my computer with corporate spyware in their game launch.exe files, entirely possible).

It's funny the virus (if you've read about it) goes through the trouble of hooking into skype and catching the audio at an unencrypted point in the programs code then drops an encrypted mp3 of it to be uploaded to the intruder later. You're lucky it hooks into skype. It would take some doing but I'm sure there are universal ways they could hook into windows and catch the audio from the microphone before it even gets sent to skype or any program for that matter.

That's ok, skype might not be around much longer anyway. There seems to be a bit of a licensing issue with the core technology behind it :(



digital copying & dvd duplicator

132.9.2009 20:05

so will the magic jacks and cable phones be the next targets????

143.9.2009 4:26

No, Symantec will continue to write virues and trojans to release onto the internet, but they will try attacking the microphone signal directly when they finaly get back to writing spy-trojans again.

158.9.2009 20:01

Originally posted by garmoon:
so will the magic jacks and cable phones be the next targets????
Eventually, Yes.
ANYTHING that redirects thru a computer and it's OS/internet connection, will have exploits that can (and will) be found someday. There simply is no such thing as "secure" code, and there never will be. As code becomes more complex, so do the exploiters techniques...as technology advances, more new flaws are inevitably created. It's a never ending cycle...always will be, and anyone who states my fave comment "they need to write better code without all these flaws" simply doesn't understand the nature of this beast.
Unfortunately for us end users, as long as we delve into the digital world with more & more of our everyday lives, the more our everyday life is at risk.

169.9.2009 5:35

Everything is vulnrable to a good hacker, even the conventional & cell phone networks. Heck, a good hacker could even hack the sat-phone satelites.

There is no such thing as secure...even if you have a stand-alone system, they can simply break into your house while you are at work. (anyone remember the first mission impossible movie?)



Comments have been disabled for this article.

News archive