• VoIP Spying Code Lets Attackers Listen In

    by  • September 3, 2009 • Blog

    Symantec reports the discovery of the first ‘wiretap Trojan’, dubbed Trojan.PeskySpy. You know those times when you think you hear breathing or strange noises and wonder if someone is listening in on your phone call? They probably are.

    OK. That’s not really true. First, from a pure realism standpoint, an eavesdropping ‘listening Tom’ who takes advantage of Trojan.PeskySpy to listen to your conversation would be doing so digitally, so there would be no possibility of hearing any sounds or breathing.

    That part aside, though, this isn’t a pervasive threat, and according to the blog post, Symantec doesn’t feel it will be. Symantec says, “In terms of impact, we don’t see this threat gaining much of a foothold out in the wild. What we’ve seen is largely proof-of-concept and does not contain any method to spread from one computer to another.”

    Symantec explains that the Trojan “listens in the data traveling between the Skype process and the audio device, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level. Essentially, it sits below these security measures, recording the audio at the Windows level—before outbound audio from the microphone gets to Skype and after incoming audio leaves Skype and reaches the speakers.”

    Bear in mind that this is not a Skype issue, though. Skype was probably targeted because it is one of the most popular VoIP services, but it’s not a weakness in the Skype code or security controls.

    Assuming Symantec is right, you won’t see any worm spreading this code across the Internet, but the malicious code can still be used for more surgical attacks such as listening in on spouses or lovers, or for corporate espionage.

    Bottom line, you may have more parties listening in on your call than the two of you…and the NSA. Stay alert and keep your systems patched and antivirus updated.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040) and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com