Tuesday, September 1, 2009

New Skype trojan

New Skype trojan: Trojan.PeskySpy



There is a new trojan horse circulating in the wild, called Trojan.PeskySpy by Symantec and Troj_Spayke.C by Trend Micro. It again shows the low security measures of Skype, which allow programmers to take advantage of its API. The new Skype trojan is based on code that a Swiss programmer recently published under the GPL licence, though he might never have expected his code to be used to create such malware.



The trojan behaves like other trojans: it stays stealthy on the system and steals data. The Skype trojan was designed to capture all the audio conversations of Skype users (with all the data, including time stamps, date, etc.). The malware can upload the captured file to a specific location on the internet. In addition, it can also bypass firewalls.


The trojan horse code was first released as proof-of-concept code, but it is still freely available on the internet. It helps programmers capture and save the audio conversations of others in MP3 format and send them to remote locations.


For every piece of malware, the programmer tries to add functionality to take over control of the system. Here too, the author of the malware tried as much as he could. The attacker can also delete the trojan file from a remote location.


How does the trojan install?


The trojan horse is circulating as an e-mail attachment and purports to be the newest release of the company's Internet telephone software. When users open the attachment, they see a fake installation error box. This is obviously meant to confuse users, who misinterpret it to mean that the application has encountered an error, while the trojan is actually installing itself. After that, it will try to connect to IRC channels.



Symantec/Norton users can update their antivirus to protect against the malware.


Go to this link for more details:


http://www.symantec.com/security_response/writeup.jsp?docid=2009-030512-2624-99


