Symantec has detected a new Trojan which targets Skype users in order to monitor and record conversations made using the Internet telephony service. Apparently the source code for this particular Trojan, called Pesky Spy, is already being touted around the usual places where the bad guys can pick up such things.
It would appear to work by using the Windows API hooks that are intended for audio applications, such as Skype. The audio processes are monitored, calls recorded as relatively small MP3 files, and transferred quickly to anywhere on the Internet before the victim even knows their calls are being tapped. In fact, before the conversation even hits Skype.
Symantec explains that "Because the Trojan listens in the data traveling between the Skype process and the audio device, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level. Essentially, it sits below these security measures, recording the audio at the Windows level—before outbound audio from the microphone gets to Skype and after incoming audio leaves Skype and reaches the speakers."
Skype is said to be aware of the Trojan, and is advising that users ensure their anti-virus and firewalls are up to date and operating properly.