Our anti-spam initiatives

We’ve been hearing reports that spam levels are increasing on Skype, and I want to reassure you that we don’t take this sort of thing lightly.

Unfortunately, Skype, like any other communications software, has a small minority of users who abuse the software. In order to deal with people who send unsolicited messages, we have resources dedicated to a number of ongoing anti-spam initiatives, focused around three areas:

• Prevention: working behind the scenes to make it harder for spammers to send messages
• Reaction: making it easier to report spam, and fine-tuning the way we deal with those reports
• Identification: making it easier to identify messages from unfamiliar users

Please keep an eye on this blog, where we’ll announce the public-facing bits of our approach as we release them. In the meantime, please continue to block and report abusive users to us – doing so will help us to identify and deal with spammers.

Most importantly, however, you can rest assured that we’re working hard behind the scenes to combat spam, and will take action against spammers where appropriate – with the objective of keeping Skype a productive and friendly place for users like you.

Reporting spammers

To report spam directly from Skype, you need Skype 4.0 or 4.1 for Windows, or Skype 2.8 for Mac – download the latest version free if you don’t have it already.

In Skype for Windows

When you get a contact request, click Block, then check Report abuse from this person and click Block.

To report someone who’s sending you instant messages, right click on them in the conversation pane, and click Block This Person. Then check Report abuse from this person and click Block.

In Skype for Mac

When you get a contact request, choose Block this person from contacting you in the future, then check Report abuse from this person and click Block.

To report someone who’s sending you instant messages, right click on them in the conversation drawer, and click Block. Then check Report abuse from this person and click Block.

Source code for Skype eavesdropping trojan in the wild

Earlier this week, Swiss programmer Ruben Unteregger who has been reportedly working for a Swiss company ERA IT Solutions responsible for coding government sponsored spyware, has released the source code of a trojan horse that injects code into the Skype process in order to convert the incoming and outgoing voice data into an encrypted MP3 available at the disposal of the attacker.

Here’s how the trojan, currently detected as Trojan.Peskyspy, works:

 

“When the Trojan is executed, it injects a thread into the Skype process and hooks a number of API calls, allowing it to intercept all PCM audio data going between the Skype process and underlying audio devices. Note: Since the Trojan listens to the data coming to and from the audio devices, it gathers the audio independently of any application-specific protocols or encryption applied by Skype when it passes voice data at the network level.

Note: The incoming and outgoing audio data are stored in separate .mp3 files. The Trojan also opens a back door on the compromised computer, allowing an attacker to perform the following actions:
- Send the .mp3 to a predetermined location
- Download an updated version
- Delete the Trojan from the compromised computer”

Skype is often dubbed a “national security threat” by governments all across the globe due to their — at least publicly acknowledged inability — to crack the 256-bit encryption VoIP calls.

And while some of these governments are reportedly spending surreal amounts of tax payer’s money (Rental of the Skype-Capture-Unit per month and instance EUR 3.500) in order to achieve their objectives, others are taking the cost-effectiveness path by attacking the weakest link in the process - the end user infected with a targeted DIY government sponsored spyware recording all ongoing and incoming Skype calls, thereby bypassing the need to attack the encryption algorithm.

How to Make a Trojan Horse

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run.  Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in theWindowsSystem32 folder with the .dll extension. Since the junk file has the .dllextention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan along with it’s source code HERE.

How to compile, test and remove the damage?

Compilation:

You can use Borland C++ compiler (or equivalent) to compile the Trojan.

Testing:

To test the Trojan,  just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.