Skype Encrypts Your Calls, Trojan Gets Around It.

I’m a Skype user.  While I’m not too crazy about the call quality, it’s the cheapest way to make calls to the US while I’m drinking a cup of coffee at an overseas coffee shop that offers free wi-fi (the call itself is also free if the other guy uses Skype on his computer as well).  One thing I don’t really think about, but probably should appreciate, is the fact that all calls made via Skype are encrypted.

Why do I know this?  I covered a story nearly two years ago about how the German government could not crack Skype’s encryption and had to find a way around it if they wanted to do any wiretapping.

Now, there’s news that a new Trojan is making the rounds that gets around this “problem.”  The new malware, Trojan.Peskyspy, sidesteps the encryption entirely by recording the Skype calls themselves.

You see, any method of secure communication has a weak link.  In the case of Skype, it’s the fact that you cannot listen to your friend unless the encrypted call is decrypted at some point, and that point is your own computer.  The Trojan essentially records this already-decrypted audio, saves it as an MP3 file on your machine, and later sends it to whoever controls the infected computer.  Strong encryption of the call in transit does nothing for you once the endpoint it is decrypted on has been compromised.

Since encryption has proven to be too hard to break, the smart ones have decided to find some other way to eavesdrop.

The only problem, as pointed out by Symantec, is the fact that any criminals wanting to use information gleaned via this method have to spend time listening to thousands of MP3 files.

Or is it a problem?  I know of speech recognition software, like Dragon NaturallySpeaking, that does a great job of transcribing audio (I use DNS myself).  I can already see a scenario where the MP3s are sent to the malware creators, the audio is transcribed via speech recognition software, and a script is run to pick out number patterns that look like credit card numbers and SSNs.  The entire thing could be automated.

Sure, the signal-to-noise ratio may be pretty poor (this method may not be as efficient as hacking into a bank’s database), but seeing how a lot of people let their guard down while on the phone, it may be worth the effort.  You know, like panning for gold is not exactly a better way to become rich than a 9-to-5 job, but when you strike it big…

