wiretap Trojan

What is a wiretap Trojan?

A wiretap Trojan is a program that surreptitiously records VoIP calls.

In August 2009, Symantec issued a security bulletin about Trojan.Peskyspy, a wiretap Trojan that targets Skype calls. Peskyspy uses Windows API calls to access sound from audio devices. The Trojan intercepts Skype audio before it is encrypted, converts the audio stream into an MP3 file and saves it on the victim's machine. Peskyspy includes a back door so that the intruder can have the files sent to another location for access.

According to Kevin Haley, director of Symantec Security Response, a wiretap Trojan is an espionage tool that's intended for targeted attacks rather than widespread infection -- the intruder would simply have to sort through too many calls to make any broader use practical.

Ruben Unteregger, a Swiss programmer, developed Peskyspy. Unteregger said he released the code to make the public aware that "we are now becoming a surveillance society" and that "police Trojans are reality and questionable."

Learn More About IT:
> Whitfield Diffie and Susan Landau write about Internet eavesdropping and related issues of espionage, privacy and security.
> Jordan Robertson writes about wiretap Trojans.
> SearchSecurity Asia reports on Symantec's discovery of the Peskyspy Trojan.

This was last updated in September 2009

Dig Deeper on Financial Security Resources

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats