Skype Trojan can log VoIP conversations

[mgt23]

Symantec claims to have found the public release of source code for a Trojan that targets Skype users..

Security giant Symantec claims to have found the public release of source code for a Trojan that targets Skype users.

Trojan.Peskyspy is spyware which records a voice call and stores it as an MP3 file for later transmission.

An infected machine will use the software that handles audio processing within a computer and save the call data as an MP3. The file is then sent over the internet to a predefined server where the attacker can listen to the recorded conversations.

Since the call is an MP3 it does not take up too much space, and means that transfer speeds are lower.

Symantec admits that the threat risk is low at the moment but that, since the code is publicly available, malware authors are likely to use it as part of a customised snooping package.

The downside for the malware creators is that they would need a lot of time on their hands to go through hours of Skype audio files to find anything of monetary interest.

maybe TiUers should move to Zphone?

[Yammitor]

Anything else has to be better than skype. I just don't trust them.

[§N9sh2bj]

If you knew the background of the skype software, I'd say your concerns are unwarranted. It was written by the same people who wrote the relatively well-engineered Kazaa and got chased around the globe for it.
Encryption is part of the protocol. Even old clients like Skype 1.4 worked when I tested them last year, and oddly, 1.4 through 2.2 (I think) can't upload address book contact information to the Skype servers, as (the programmers say) they discovered a bug of excess data being sent to the servers and so blocked these clients.

It seems if the agents of eBay were trying to 'break in' to Skype to discover a weakness or modify the client, doing a mod would break the backwards compatibility with older versions of Skype.
I believe it was the maker's intention the protocol be secure from the word 'go'. Skype Out calls to normal telephone lines do not enjoy the same level of privacy.
All the documents I could find on POLICE departments attempting to bug Skype calls show they would need to have a bug installed on the same computer, as hardware or software, at a then-cost of 2,500, to catch the audio before it entered the client and after it exited. The per-call bugging costs were additional.

If your system is trusted (secure), I believe Skype to Skype is secure, and I have not seen any evidence to the contrary.

It does not require an email address to sign up, and does not require other Skype Users to be added to one's Skype contact list before calling or messaging. Their servers have no record of a connection between un-added users. All communication is directly between Skype clients without a third-party server, unlike Yahoo, MSN, or Google IM, all owned by jews, and where chat messages can easily be logged as I am sure they are, all passing through a chat server. If you must use Yahoo, MSN or Google IM, I can recommend Pidgin.im (formerly GAIM), with the OTR plug-in. If both clients use Pidgin+OTR then the chat traffic is highly-encrypted.

That the agents of Symantec corp come out with a press release stating there is code to log Skype calls, is a bunch of b.s. That code has been out there for some time. With poor private computer management skills on a given computer, it is easy for third-parties to install software. All it takes is minimal computer administration know-how to keep unwanted third-party applications off an otherwise trusted computing platform.

I have not used a Symantec AV product for many years.