Thursday, September 03, 2009

SkypeDLLInjector TROJ_SPAYKE.C Trijan, Eavesdro On Skype Calls

http://snapvoip.blogspot.com/
Security researchers have found that new open source Trojan could eavesdrop on Skype calls. For years Skype was known for it's impregnable encryption to keep the app and the users safe. But now with this discovery expectations might fall.
It is not a good time for Skype as it seems that Ebay is trying to sell Skype off and pending law suits by creators of Skype and now finally this.
A few years ago we also discovered; Eavesdropping Is Possible On Cisco IP Phones

According to the post on TrendMicro blog,"this Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it intercepts communication in Skye application."
The Trojan is capable of intercepting Skype traffic by patching a call in the following APIs:

* send
* recv

The following information obtained from the network are also logged in the said text file:

* MySend() : {string}
* MyRecv() : {string}

This Trojan is intended as a proof-of-concept (POC) program but its code, which is now freely available, can be modified so that the information obtained from the Skype network are saved as audio files, such as .mp3s, and sent to a remote computer.


 This Trojan is an open-source application that can be downloaded from the web. The site had the following message accompanying the code and binary files;
Tool name : SkypeDLLInjector version 0.1
Description : SkypeDLLInjector is a tool to demonstrate how DLL injection works. In this proof of concept it is applied to the Skype application. It consists of a loader application which remains running in the background and a DLL which will be injected into every newly started program via a system wide Windows hook.
All what this tool does is interception the function calls recv() and send() to inspect the network data skype is sending and receiving. Because Skype traffic is encrypted only a small portion of the traffic is readable. But it could inspire you to create your own tools which eavesdrop other calls to intercept sensitive data (as the username and password for example).

0 comments:

Blog Widget by LinkWithin