A little bit about Trojan.Peskyspy
Some of you may have seen stories circulating about a ‘trojan’ (a malicious piece of software) which can listen in to your Skype calls – and I’d like to set the record straight on two points.
- In order for this trojan to ‘listen in’, it has to be run on your computer, which means that your computer is already compromised – e.g. by a virus.
- It doesn’t exploit the Skype software; instead, it ‘listens in’ to the audio data which is transferred between Skype and your computer hardware – your headset and microphone, for example – and it does this using processes which are available in the Microsoft Windows operating system. It’s like standing next to someone when they are talking
So, what should you do? All the usual security recommendations still apply – make sure you don’t open files from people you don’t trust, stay current on patches and updates for your computer and use an up-to-date anti-virus program.
If you’re looking for more details, the security experts at Symantec sum things up pretty nicely over on their blog:
What this threat is doing is actually grabbing the sound coming from the audio devices plugged into the computer. It does this by hooking various Windows API calls that are used in audio input and output. It then is able to intercept all audio data traveling between the Skype process and the underlying audio device. The extracted audio data is then saved to .mp3 files and stored on the computer.
Because the Trojan listens in the data traveling between the Skype process and the audio device, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level. Essentially, it sits below these security measures, recording the audio at the Windows level—before outbound audio from the microphone gets to Skype and after incoming audio leaves Skype and reaches the speakers.
Finally, the Trojan contains a back door, which enables an attacker to have the stolen audio conversations sent to a predetermined location, where they can later be listened to.
In terms of impact, we don’t see this threat gaining much of a foothold out in the wild. What we’ve seen is largely proof-of-concept and does not contain any method to spread from one computer to another. However, it is possible that we will see variations on this Trojan theme in the future. With this in mind we recommend keeping your virus definition and IPS signatures up-to-date.
joanw33 commented Tuesday, Sep 15
Hi, I just received this notice...Is it from Skype???
Thanks
WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
pshara commented Sunday, Sep 20
I'd like to know if there is ANY way to talk to someone at Skype for emergencies? ANY phone number??? I received a notice that my account had an automatic purchase (though I had it configured to NOT do that) for $1,000 US. I searched everywhere on this God-forsaken companies site to find a phone contact, but to no avail. Isn't it a corporate obligation to have a contact phone number on the site (on the homepage would be FANTASTIC!) and a consumer's right to be allowed to contact said company? I've wasted hours waiting in an E-bay online chat room (since they own Skype), trying to get a phone number or talk to someone who could help me find out what is going on! Trust me, I have the proof. In the meantime, here I sit, a hostage to a corporation that doesn't want me to contact it after it charges me $1,000.00 for an update that I NEVER asked for.
eleuteri0 commented Monday, Sep 21
I've some problems with my account, sorry for being off-topic, but I've just run out of ideas on what to do. My password has been changed and I can't reset it through the form, unknown error. Now I've run out of chances to even ask for it to be reset. I must say the whole process is a bit faulty, since there is no way to even talk to anyone without a skype account, and when it has been compromised there is obviously no way of signing in, so in the end I've created a new one to leave this comment here. I've also seen several messages on the forum suggesting this is not an isolated case. What's going on?
newkgms commented Wednesday, Sep 23
I have totally the same problem as eleuteri0. Got kicked out from skype, and my skype name never worked again. I wrote a mail to the support, and got an auto message "come to support.skype.com blablabla". What about to solve our problem? I did not receive any suspicious file from unindentified skype members, so i think your system has the error. Help us please.
Skype name: kgms-wanderer
ziro_01 commented Friday, Sep 25
Hey.
joanw33 - Hi. I'd say it's a hoax.
I just received that same message online.notification.america20.
I don't even have Security Center installed on my system.
You can always make sure your anti-virus, anti-malware software, and all are up to date, and you can scan your system yourself if you want. I'm ignoring this message.
________________
- Ziro out.
karmen543 commented Monday, Oct 12
I'm having the same skpe emergencies. I have not been able to make any phone calls and can't find any help from support skpe this is very sad.Never again....
bill.maher241 commented Thursday, Oct 22
To joanw33
I received the same message, but the site to download the patch was different.
Mine said to go to http://updatecp.org/.
It popped up about an hour after I had talked on Skype with a person that we believe has a virus on her computer. (No anti-virus protection)
I do have an anti-virus program on mine, but I was still a little worried about it. I ran a full system scan and nothing showed up. I would like to know
if Skype sends out these notifications or not.
jmoore205 commented Thursday, Oct 29
I received this same malware alert but my site link is also different. It was http://www.updatels.org/ so far, of all the comments I do not see any reply to what this is or what to do about it. I have just chose not to click on it. I have my own up to date virus protection and it is not detecting anything. If this is something to worry about I hope someone posts something about it. I agree with someone above... there needs to be a phone number for contact or email for contact. I searched your website and could not find one. If I were to purchase a plan from this company I have to know I will have a customer service person to speak to and not a "forum".
mlkent12 commented Thursday, Oct 29
I got the same message about "Windows REquires Immediate Attention" and tried to find someplace to report it. The security page says to go to "Contact Us" but when you go there, there's no place to report anything that I can find. Does anyone at Skype review these posts, or even care? They sure don't make it easy to report problems.
kaleokona commented Thursday, Nov 12
How in the world can one START A NEW THREAD on this security blog? This Skype support system is SO OPAQUE as to be virtually USELESS! I have wasted far, far too much time trying to self-help with this user UNFRIENDLY setup! Frustrating. If any skype techie reads this, take note that more user friendless is far overdue.... SECURITY ISSUE: ZoneAlarm Extreme Security is logging NUMEROUS Skype.exe attempts to communicate with NUMEROUS IPs that are unknown to me, distributed to numerous suspect countries/internet zones (.it, .se, .nl, .de, .cz, .com, .net, .uk, .pt, .ro, .lv, .be, .pl) in rapid succession during cold boot this morning. Most are outgoing connection attempts (3 tries), but some are attempts to send data (120, 129, 82, 129, 75 tries). It appears to me that this may be a serious trojan/security threat. How the heck can I communicate this concern to Skype tech support via email, and get a specific, helpful, quick response back that tells me what to do about this??? Comment: I think the extreme jumping through hoops in the attempt to find relevant answers and information - and the lack of a quick and direct email link to begin a tech support request - is outrageous. This user treatment surely warrants uninstallation of Skype and use of another, more user friendly internet phone provider, don't you think?
kc8nro commented Tuesday, Nov 17
[11/16/2009 8:13:26 PM] Update Info: ****************************************
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
FULL DETAILS OF SCAN RESULT BELOW
****************************************
WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!
Yep I got the same message and I run a anti- virus program and firewalls in this day and age you have to run firewalls.
I have not gone to the link and won't THIS HAS GOT TO BE A HOAX!!!!
And Yes I'm finding the same problem theres no where to contact anyone at skype about this problem if it is on the web page they don't make it to noticeable. Well good luck to all and I hope no one actually follows these links!!
lin.ronald commented Saturday, Nov 21
This system for support is very stupid and very unfriendly.
I have had my skype account HACKED!!
Lost over $100 in credit for phone calls. I think the hackers are working through my contact list.
There is no easy way to connect to anyone at skype. Its a piss off!
corndogamus commented Friday, Feb 19
I cannot contact any human and I want to report abuse of the use of skype to a home phone. 615-724-7999 is the number.
tcchao1917 commented Tuesday, Apr 27
Skype security team is the most unprofessional one, the attitude of deal with security treat is so naive. Definately your security recomendations are not working, and still not looking into the problem of account security problem. For example, one's account credit are used by others, and also people on my contact list got file send requested from "me" (by a fuxker, most likely middle easterner..). My comment to skype is suck. Give us capability to know if there is another PC login with my own ID, and keep the history of login/logoff time of my account, so I know there are other using my ID, OK?