Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
China Communications Crime Security IT

Malware Targets Skype Users, Records Conversations (softpedia.com) 49

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
This discussion has been archived. No new comments can be posted.

Malware Targets Skype Users, Records Conversations

Comments Filter:
  • no need for malware (Score:5, Informative)

    by Anonymous Coward on Sunday February 07, 2016 @09:53PM (#51459795)

    It can already spy on you out of the box. [bgr.com]

    On 10 November 2014, Skype scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard [wikipedia.org]. Skype received a point for encryption during transit but lost points because communications are not encrypted with a key the provider doesn't have access to (i.e. the communications are not end-to-end encrypted)

    Chinese, Russian and United States law enforcement agencies have the ability to eavesdrop on Skype conversations, [wikipedia.org]as well as have access to Skype users geographic locations. This ability was deliberately added by Microsoft after they purchased Skype in 2011.

    TL;DR = Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.

    • by sims 2 ( 994794 )

      Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?

      Just to note I haven't used Skype since 2007. So maybe it has a trade state secret function now but when I used it all it could do was make voice and video calls also sms for a extra fee. But that's been almost 10 years ago now.

      As for why I haven't used it since 2007? My cell phone has unlimited nationwide calling/sms/mms.

      • by Anonymous Coward

        People do sexytime over Skype, my wife and I use it that way sometimes when I'm on the road. So yeah, probably blackmail purposes. Intercept a Senator or a big CEO and his wife (or even better? his boyfriend) and now you have some power.

        You're not missing anything not using Skype, but these days it's almost all free domestically, and good high quality video chat. Of course the tradeoff is NSA is tapped directly in and recording every second.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Skype is a standard tool that is upwards of 10% of 2 way streaming. A lot of interesting people use it. Hacking those people is money in the bank. You need a better question.

        • by Antique Geekmeister ( 740220 ) on Sunday February 07, 2016 @11:08PM (#51460115)

          It is also more effective on smart phones, tablets, and on multiple operating systems than most other voice tools. It's used regularly for business planning meetings when a telephone call is notably more expensive, especially for international teleconferences, and it's used for remote conferencing when a landline or cell reception does not work well. I've found it very effective noisy rooms, with a good pair of headphones and careful use of the "mute" button.

          • by GNious ( 953874 )

            In my previous job, I refused to accept anyone joining my conf-calls using Skype - the audio quality was horrendous, and when you're conferencing in people from around the globe, with lots of different accents and differing levels of English, you need every bit of clarity you can get.

            In the current job, we're allowing Skype, but the one time we ended up using it, we still had to give up due to dropouts and general quality.

      • Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?

        Read AC's links On Linux, the backdoors give access to all your passwords, and on everything will access your address book even when you tell it not to - shades of Windows 10 telemetry. Now imagine when coupled with some service like Linkedin, where you give them your email passwords so Linkedin can harvest your address book. Fun fun for everyone.

        You put a backdoor in software for the good guys, it's only a matter of time until the bad guys have it as well.

      • by Anonymous Coward

        Yes, why would anyone care? Microsoft, the NSA and GCHQ already records it all anyway.

      • Why would anyone even care about your Skype conversations?

        Just because your Skype conversations are inane and intrinsically worthless, doesn't mean everyone else's are.

      • Depends on how valuable you are, and, if you're a high-level muckety-muck that feels inconvenienced by security regulations, well, you might just forego going secure because it's too much trouble (you think Hillary Clinton is the only high-level muckety-muck that's skirted security regulations for reasons that suited them?).

      • by KGIII ( 973947 )

        I don't really use all the features but I'm told they're all pretty good. I only use it to communicate with a few people. What is it? uTox or, in my case, qTox.

        http://utox.org/ [utox.org]

        I guess it does what Skype does (whatever that is - it was "famous" for being able to get around firewalls last time I paid attention to it) but it's really encrypted.

    • by Anonymous Coward

      Nah, the PRISM additions were just *before* the purchase.

      I bet *adding* it was what made Skype worth so much to Microsoft. Imagine all that hidden money they receive for intercepting voice and messaging calls from three and four letter agencies. No competition, since you're not competing for visible revenue.

      Ka-chink!

    • by Ol Olsoc ( 1175323 ) on Sunday February 07, 2016 @10:26PM (#51459953)

      Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.

      Skype is a security danger even if you don't have it running. You have to uninstall it.

      Possibly one of those cases when if you put a backdoor in "for the good guys", the bad guys will discover it and use it, in the end, decreasing security. Get rid of it, because even if you have nothing to hide, you're just opening your computer up to the world.

      • I know that this is anecdotal but I have never had an issue with Skype. As a matter of fact, it works better than every other VoIP product I have tried.

        I just wish they would separate out the chat component into a stand-alone product though... I hate having a Skype chat with someone and then find 100 unread messages on my phone...

  • by PNutts ( 199112 )

    Considering what it takes to get Skype for Business up and running it's ironic that the malware is described as having a complicated installation procedure.

  • by sasparillascott ( 1267058 ) on Monday February 08, 2016 @09:17AM (#51461651)
    This is what happens when you have an "encrypted" system with a built in backdoor for the government - and this is why that is a bad idea.

    http://www.theguardian.com/wor... [theguardian.com]
  • It's not clear from the article, but the "complicated installation procedure" makes reference to a bunch of Windows anti-virus software and shows how it goes from RTF to EXE to DLLs which would seem to imply that this is Windows only (as usual).
    Anybody know?

I just asked myself... what would John DeLorean do? -- Raoul Duke

Working...