A wiretap Trojan is a program that surreptitiously records VoIP calls.
In August 2009, Symantec issued a security bulletin about Trojan.Peskyspy, a wiretap Trojan that targets Skype calls. Peskyspy uses Windows API calls to access sound from audio devices. The Trojan intercepts Skype audio before it is encrypted, converts the audio stream into an MP3 file and saves it on the victim's machine. Peskyspy includes a back door so that the intruder can have the files sent to another location for access.
According to Kevin Haley, director of Symantec Security Response, a wiretap Trojan is an espionage tool that's intended for targeted attacks rather than widespread infection -- the intruder would simply have to sort through too many calls to make any broader use practical.
Ruben Unteregger, a Swiss programmer, developed Peskyspy. Unteregger said he released the code to make the public aware that "we are now becoming a surveillance society" and that "police Trojans are reality and questionable."
Back to: Glossary