A recently released program for tapping Skype calls is actually a Windows Trojan Horse program, Skype has explained in a blog post. A European software developer released the Trojan.Peskyspy program as a public warning of the potential danger it posed. The Swiss government had asked the developer's employer to create software that could listen in on Skype and other VoIP calls. The developer hoped the release would encourage other developers to come up with ways to counter the program.
The program's operation does nothing to compromise Skype's encryption or other security features. It works, rather, by infecting the target Windows computer just like any other Trojan Horse. Once installed, it intercepts the audio data traveling between the Skype client software and the machine's audio devices, such as headsets, microphones and speakers. It then saves the audio in MP3 files. A backdoor lets an attacker send the files anywhere to listen to. The same technique could work with any other VoIP application.
The solution is the same as for any other malicious program: mainly, to keep operating system patches current and anti-virus software up to date. Symantec is already on the case. Skype doesn't think the program will make much headway "in the wild." It warns, though, that the possible appearance of variations on the basic design means that ongoing vigilance is necessary. For now, at least, Macintosh Skype users don't appear to have anything to worry about.
Recent Comments