Malware Targets Skype Users, Records Conversations (softpedia.com) 49
An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
no need for malware (Score:5, Informative)
It can already spy on you out of the box. [bgr.com]
On 10 November 2014, Skype scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard [wikipedia.org]. Skype received a point for encryption during transit but lost points because communications are not encrypted with a key the provider doesn't have access to (i.e. the communications are not end-to-end encrypted)
Chinese, Russian and United States law enforcement agencies have the ability to eavesdrop on Skype conversations, [wikipedia.org]as well as have access to Skype users geographic locations. This ability was deliberately added by Microsoft after they purchased Skype in 2011.
TL;DR = Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.
Re: (Score:1)
Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?
Just to note I haven't used Skype since 2007. So maybe it has a trade state secret function now but when I used it all it could do was make voice and video calls also sms for a extra fee. But that's been almost 10 years ago now.
As for why I haven't used it since 2007? My cell phone has unlimited nationwide calling/sms/mms.
Re: (Score:1)
People do sexytime over Skype, my wife and I use it that way sometimes when I'm on the road. So yeah, probably blackmail purposes. Intercept a Senator or a big CEO and his wife (or even better? his boyfriend) and now you have some power.
You're not missing anything not using Skype, but these days it's almost all free domestically, and good high quality video chat. Of course the tradeoff is NSA is tapped directly in and recording every second.
Re: (Score:2, Insightful)
Skype is a standard tool that is upwards of 10% of 2 way streaming. A lot of interesting people use it. Hacking those people is money in the bank. You need a better question.
Re:no need for malware (Score:5, Informative)
It is also more effective on smart phones, tablets, and on multiple operating systems than most other voice tools. It's used regularly for business planning meetings when a telephone call is notably more expensive, especially for international teleconferences, and it's used for remote conferencing when a landline or cell reception does not work well. I've found it very effective noisy rooms, with a good pair of headphones and careful use of the "mute" button.
Re: (Score:2)
Has always worked pretty well for me on a number of Android devices (as well as Linux desktops, and Windows, too, back in the day). Could be the quality of your hardware and/or connection.
Re: (Score:2)
In my previous job, I refused to accept anyone joining my conf-calls using Skype - the audio quality was horrendous, and when you're conferencing in people from around the globe, with lots of different accents and differing levels of English, you need every bit of clarity you can get.
In the current job, we're allowing Skype, but the one time we ended up using it, we still had to give up due to dropouts and general quality.
Re: (Score:2)
Why would anyone even care about your Skype conversations? Is this like for black mail purposes or do people really discuss state secrets using Skype?
Read AC's links On Linux, the backdoors give access to all your passwords, and on everything will access your address book even when you tell it not to - shades of Windows 10 telemetry. Now imagine when coupled with some service like Linkedin, where you give them your email passwords so Linkedin can harvest your address book. Fun fun for everyone.
You put a backdoor in software for the good guys, it's only a matter of time until the bad guys have it as well.
Re: (Score:2)
Plus: whatever "good guys" is. Your "good guys"? My "good guys"? Bachar AL Assad's "good guys"? Putin's "good guys"?
For certain. And seeing the gaping back doors in Skype, I would never allow it on any machine except one that has nothing else on it. No email, no passwords, no credit card purchases. Skype is that much of a threat to the user. Kind of like what I did with a Windows 10 computer. I set it up to learn about W10, but decided to keep it separate from everything else. The entire Windows ecosystem wants to know everything about you, and the door is wide open.
Re: (Score:1)
Yes, why would anyone care? Microsoft, the NSA and GCHQ already records it all anyway.
Re: (Score:2)
Why would anyone even care about your Skype conversations?
Just because your Skype conversations are inane and intrinsically worthless, doesn't mean everyone else's are.
Re: (Score:2)
Depends on how valuable you are, and, if you're a high-level muckety-muck that feels inconvenienced by security regulations, well, you might just forego going secure because it's too much trouble (you think Hillary Clinton is the only high-level muckety-muck that's skirted security regulations for reasons that suited them?).
Re: (Score:1)
I don't really use all the features but I'm told they're all pretty good. I only use it to communicate with a few people. What is it? uTox or, in my case, qTox.
http://utox.org/ [utox.org]
I guess it does what Skype does (whatever that is - it was "famous" for being able to get around firewalls last time I paid attention to it) but it's really encrypted.
No it was added *prior* to Microsoft (Score:1)
Nah, the PRISM additions were just *before* the purchase.
I bet *adding* it was what made Skype worth so much to Microsoft. Imagine all that hidden money they receive for intercepting voice and messaging calls from three and four letter agencies. No competition, since you're not competing for visible revenue.
Ka-chink!
Re:no need for malware (Score:4, Interesting)
Skype is a privacy clusterfuck. It is already well and thoroughly backdoored. Adding another back door is akin to adding a second screen door to your submarine.
Skype is a security danger even if you don't have it running. You have to uninstall it.
Possibly one of those cases when if you put a backdoor in "for the good guys", the bad guys will discover it and use it, in the end, decreasing security. Get rid of it, because even if you have nothing to hide, you're just opening your computer up to the world.
Re: (Score:2)
I know that this is anecdotal but I have never had an issue with Skype. As a matter of fact, it works better than every other VoIP product I have tried.
I just wish they would separate out the chat component into a stand-alone product though... I hate having a Skype chat with someone and then find 100 unread messages on my phone...
Re: (Score:2)
As few weeks later, Skype wasnâ(TM)t logged in or running, all my Skype contacts, including work contacts, start getting malware-ridden spam links coming from me..
Ugh! I've heard that Skype accesses your email recipients - even if you tell it not to So there's the proof that it does, and that not only Microsoft and law enforcement have the keys to the kingdom now.
Re: (Score:2, Informative)
Installation (Score:2, Troll)
Considering what it takes to get Skype for Business up and running it's ironic that the malware is described as having a complicated installation procedure.
Why back doors for Govt are a bad idea (Score:3)
http://www.theguardian.com/wor... [theguardian.com]
Windows only? (Score:2)
It's not clear from the article, but the "complicated installation procedure" makes reference to a bunch of Windows anti-virus software and shows how it goes from RTF to EXE to DLLs which would seem to imply that this is Windows only (as usual).
Anybody know?