How a hacker can listen to all your Skype conversations

VOIP applications are getting really popular these days, making communications easier and more affordable. One such application is Skype. Skype provides "free calls" functionality between Skype users as well as Computer to telephone services for a nominal charge.What if we told you that I have the ability to record and listen to all your Skype conversations without you having any knowledge about it ? Its true and quite possible. With an advent of a new kind of virus, its possible to record your calls, save them as an mp3 file format and transfer them to a remote hacker. The vulnerability was discovered just two days back and now a proof of concept is freely available on the internet for anyone to exploit.

An advisory issued by Symantec Anti virus, just two days back details the Trojan.Peskyspy trojan, which was discovered just two days back. It states:

"When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices" meaning your Skype conversations. In addition to this, the Trojan opens a backdoor on the compromised computer, allowing the attacker to record and transmit the recordings. The trojan also possess the ability to circumvent certain firewall settings.

The good news is that Symantec claims that the distribution and threat from this Trojan is very low, with updated virus definitions, you should be able to deter this threat. Being still new, this vulnerability opens a new can of worms in the VOIP world. The original advisory can be reached at http://www.symantec.com/security_response/writeup.jsp?docid=2009-082710-4600-99&tabid=2