14 DAY TRIAL // Ruben Unteregger, a 33-year-old software developer from Switzerland, has made public the source code of a trojan that taps into Skype conversations, records all audio data and sends it back to the attacker. This latest development comes after a serious scandal that flamed in 2006 about the usage of a similar Skype wire-tapping piece of software by the German Police.
Mr. Unteregger has released to the public the source code of the Skype trojan, the SkypeTap DLL injector and the source code and binaries of the SkypeTap plugin. An attached photo provided by him shows how the tapping and recording process works.
The entire process is very silent and works without the user's knowledge. The client is infected after the SkypeTrojan bypasses the firewall and antivirus protection, getting saved to the victim's computer (Note: the script that bypasses the victim's firewall will be released to the public at a later date, Mr. Unteregger reports).
Whenever the user opens up the Skype client and initiates a conversation, the virus performs a DLL injection that will allow it to attach itself to the Skype process and record all audio conversations. The recorded audio files are then transformed from a PCM audio format to MP3, encrypted and sent to a storage center on the web.
According to H-Online, in the fall of 2006, after an article publicized in the Swiss newspaper “Sonntagszeitung” about a similar program that tapped inside Skype conversations, the Department of Environment, Transport and Communications investigated the ERA IT company that supposedly created the software.
In an interview published on the Gulli website, Ruben Unteregger admitted working for that company from 2001 till 2008. “From 2001 till 2008 I was working for ERA IT and was mainly primarily appointed to customer projects in the private sector enterprise. There was a normal employee/employer-relationship between me and ERA IT,” Mr. Unteregger said.
Riccardo Gubser, ERA IT representative, was cited by the H-Online as saying:”the know-how for this development (malware) was introduced to the company by R.U. and it disappeared with his exit from the company.”
For security reasons, Softpedia will not link to the website where the spyware is being hosted, nor disclose its name.
