Proactive IT Security
 

Compromised telephone conversations

Listening in to telephone conversations is traditionally associated with initiatives from national security agencies / police organizations with vast resources, or shady private detectives. This may not be the case any more if the person or persons under surveillance use a particular system for telephone calls.

Voice over Internet Protocol

Voice over Internet Protocol (VoIP), or Internet telephony, is a system where the Internet is used as the communication medium as opposed to using "the traditional telephone lines". The advantages are numerous, especially those associated with cost, particularly with respect to long-distance calls. As the technology has matured, the quality issues that were a nuisance in earlier adaptations are now less relevant.

Systems that use VoIP have therefore become quite widespread, and the trend is continuing. Several systems are in use, one of the most popular being Skype.

She can hear you

We have recently seen a new type of malicious software - a Trojan - that targets users of Skype systems. Users are tricked into starting a malicious program that installs itself in such a way that all phone communications through Skype are trapped and stored as MP3 files. The capture is done in such a way that the encryption mechanisms in use do not protect the conversation.

It should be stressed that the malware does not use any vulnerabilities in Skype itself, but relies on traditional social engineering techniques to get into the system. Skype is presumably the target in this case because it is so widely used.

The danger

This type of malware does not really represent any particular danger for "the average user". Most telephone conversations are normally not interesting for the author(s) of such malware.

As designed, the malware has no mechanism of its own to identify "interesting" phone calls based on, for example, particular words in use. This would have required advanced voice recognition systems, which seem tricky to include in a mere Trojan. One could in principle imagine that all MP3 files were transmitted to external analysis by huge computers, but this scenario seems a bit far-fetched, and would require considerable computing resources only available to major organizations.

Thus, the voice files that might be of any interest to a person with bad intent will be obscured by a multitude of less interesting audio files. This may be seen as a special case of "security by obscurity...".

This type of malware will therefore only be interesting for a malicious person if it is used as a targeted attack against one or a few particular persons or organizations. Then it might be worth the effort to search through heaps of MP3 files just to find those few that contain interesting information from the malware author's point of view.

Norman's antivirus software

The piece of malware that is discussed above is detected by Norman's antivirus software with virus detection files from 3 September 2009 or later as W32/Skytap.A.