The code that turns Skype calls into MP3 files is not suited to mass attacks, says Symantec.
Last week a Swiss scientist, Ruben Unteregger, published the source code of a program for listening in on Skype conversations.
The application attaches to the Skype processes and covertly records VoIP conversations. The conversations are converted to MP3 files that are sent to a remote server. Skype calls are encrypted, which makes it almost impossible to listen to them over the network. Unteregger's program picks up the conversations on the computer itself, outside the part of the path that the encryption covers. The same principle is known from tools for breaking copy protection on audio files.
IT security company Symantec has named the program "Trojan.Peskyspy". The company's security blog explains how the code works and notes that it does not exploit a security hole in Skype, but captures the bitstream at a level below what IP telephony applications are able to control.
The blog says the method can be used against most IP telephony, and that more trojans of this kind will appear, affecting other voice-over-IP services.
Although the code has been published as open source, Symantec does not see any greater danger of attack.
- The code proves that the attack is possible. It contains no method of distribution. It is possible we will see variations of this code. We recommend that you keep your virus protection up to date.
In an interview with news agency AP, the head of Symantec Security Response, Kevin Haley, goes even further.
- [The actual trojan] is more interesting than dangerous. It has a clear goal, and is a tool for spying. It may not be suitable for some form of broad attack.
Unteregger himself told AP that he published the code because he wants to make people aware of the "surveillance society" and of the police's use of trojans for monitoring purposes.
Unteregger is believed to be the brains behind the Trojan horse that the police in the EU and Switzerland have for listening to Skype conversations. He declines to comment on this, citing confidentiality.
Until last year, Unteregger worked for the Swiss company ERA IT Solutions. In October 2006, the newspaper SonntagsZeitung wrote that this company had been tasked by the Swiss government, through the Ministry for the Environment, Transport and Communication (Department für Umwelt, Verkehr und Kommunikation, abbreviated Uvek), with developing a method for listening to Skype and other forms of PC-based IP telephony. The method was at that point in testing.