Who's listening to your Skype calls?

If having your bank account hovered clean or irreplaceable data trashed by viruses and malware is keeping you awake at night, expect even more insomnia thanks to the security boffins at Symantec.

The security specialists are talking up a new piece of cyber nastiness in the form of a Trojan called Trojan.Peskyspy (also known as Skytap) which can record VoIP calls made using the Skype internet telephony application on PCs using Windows 2000, 95, ME, NZ, XP, Vista and Windows server 2003.

According to Symantec's Karthik Selvaraj, although Trojan.Peskyspy doesn't exploit any specific Skype weaknesses, Skype was most probably targeted simply because it is easily obtainable and widely used.

Trojan.Peskyspy intercepts audio streams, turning them into MP3 files which can then be sent back to a remote eavesdropper.

Symantec is calling the Peskyspy Trojan a proof-of-concept Trojan as its current incarnation is unable to spread from computer to computer.

This said, the code for Trojan.peskyspy is publicly available and is likely to mutate over time.

Once installed on a victim's PC, Trojan.peskyspy bypasses security protocols or encryption applied by Skype by intercepting audio between the Skype application and the PCs audio hardware.

The code underpinning Trojan.peskyspy was originally published by a Swiss researcher.

Although Symantec does not see the code being used to launch widespread attacks, its very existence could have privacy implications for discussing sensitive information over a VoIP connection and could see illegitimate phone tapping becoming more commonplace.

According to Symantec, the best way of avoiding infection with Trojan.peskyspy is to use frequently updated security software and regularly apply operating system, browser and other online application updates.

Source: NZ Herald