Monday, August 31, 2009

Experts Downplay Skype Trojan

Last week we alerted you to a new attack against Skype clients that manages to listen in on conversations and record them. It's an alarming attack, but commentary from Symantec and Trend Micro downplays the immediate threat.

Symantec calls it Trojan.Peskyspy and doesn't see this particular attack as gaining any traction in the real world. They point out that the attack has little if anything to do with Skype itself:

What this threat is doing is actually grabbing the sound coming from the audio devices plugged into the computer. It does this by hooking various Windows API calls that are used in audio input and output. It then is able to intercept all audio data traveling between the Skype process and the underlying audio device. The extracted audio data is then saved to .mp3 files and stored on the computer.
So any program that uses sound input or output is just as compromised.

Trend Micro also points out that "...it only collects information but does not decrypt the said information and consequently send it to a remote user." They detect it as TROJ_SPAYKE.C.

The attack method also has nothing to do with Skype and so your best defense is the same as your defense against all malware: run at low privilege, use anti-malware protection, and use your common sense.
