I used the time over Christmas to work on the Skype trojan source code. The code was a little messy; it compiled, but in some places it crashed. The old source was optimised for Skype 3, and for about a year now Skype 4 has been spreading more and more. Therefore I decided to clean up the code and adapt it so that it works together with the new Skype version.
It took its time; several bugs were fixed and some of the old features, for example encryption and encoding, were removed.
The code is available here. Feedback is as always appreciated. Just drop me a mail.



Thanks for warning
strange enough that after that long time skype still refuses to fix this weakness :/
Great job as always! I really admire your work.
If you were not open source you’d be one dangerous guy
How is the malware research going? Any new interesting sources?
> How is the malware research going? Any new interesting sources?
i still owe you the megapanzer source code and SafeSide :/ but as usual I’m completely out of time.
at least this source is out now. next steps are IM account recovery tools. I’m making progress
but school has first priority.
Of course, school is always first. I would like to have more time for malware also, but it will wait for better times…
IM account recovery tools? This one will be interesting : )..
Keep up the good work …
uh… i nearly forgot! the audio output is stored in your home directory under “SkypeTap\Plugins” (c:\documents and settings\yourHome\SkypeTap\Plugins\). the files are stored as *.bin files.
the directory name “PlugIns” was once used to stay under the user’s radar, and the naming convention “A12618290180003I.bin” for the actual audio files should also avoid unnecessary attention.
ok, i forgot something important to mention to make the SkypeTap plugin work correctly. to convert the raw PCM data to MP3 the lame_enc.dll is required. download it from the web (i’m sure you will find it) and put it in the SkypeTap directory inside your home directory. thanks to hugo caron for reporting this misbehaviour
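A triage check for the on-disk artifacts named in the two comments above, as an added example that is not part of the original post, its comments or the published source. The file-name pattern is an assumption inferred from the names quoted on this page, the I/O meaning follows the later bug report, and the function names and the sample tree are constructed for the demo.

```python
import os
import re
import tempfile

# Assumption: inferred from the file names quoted on this page
# ("A12618290180003I.bin" and an "...O.bin" counterpart): 'A', digits, I or O.
RECORDING_RE = re.compile(r"^A\d+([IO])\.bin$", re.IGNORECASE)

def find_skypetap_artifacts(profiles_root):
    """Walk a profile tree and report every SkypeTap directory with its leftovers."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(profiles_root):
        if os.path.basename(dirpath).lower() != "skypetap":
            continue
        hit = {"path": dirpath, "encoder_dll": False, "input": [], "output": []}
        # lame_enc.dll is the MP3 encoder the comment says must sit in this directory.
        hit["encoder_dll"] = any(f.lower() == "lame_enc.dll" for f in filenames)
        # The page spells the sub-directory both "Plugins" and "PlugIns".
        for sub in dirnames:
            if sub.lower() != "plugins":
                continue
            for name in sorted(os.listdir(os.path.join(dirpath, sub))):
                m = RECORDING_RE.match(name)
                if m:
                    key = "input" if m.group(1).upper() == "I" else "output"
                    hit[key].append(name)
        findings.append(hit)
    return findings

def build_constructed_profile(root):
    """Constructed sample tree for the demo; empty files, not captured data."""
    tap = os.path.join(root, "yourHome", "SkypeTap")
    plugins = os.path.join(tap, "PlugIns")
    os.makedirs(plugins)
    # The "...O.bin" name is constructed; "notes.txt" is a benign decoy.
    for name in ("A12618290180003I.bin", "A12618290180003O.bin", "notes.txt"):
        open(os.path.join(plugins, name), "wb").close()
    open(os.path.join(tap, "lame_enc.dll"), "wb").close()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_skypetap_artifacts(build_constructed_profile(tmp)):
            print(hit)
```

On a live system, point `find_skypetap_artifacts` at the profiles root (for example `c:\documents and settings`) instead of the constructed tree.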
i’ve checked the download statistics some minutes ago. the source was downloaded over 400 times. only one person noticed the strange behaviour of the plugin.
the threat created by publishing the code, that a virus avalanche could hit the net, didn’t arrive, as i and probably most people guessed. i think also with this update there is no new threat we have to be protected against. we can stay relaxed i think.
other opinions? criticism?
Thanks for your great job!
At the same time, I’d like to feedback some problems:
1. Windows XP with Skype 4.0.4: SkypeTap works properly, but the recorded files have some problems, especially the output voice files (A1268……..O.bin). While I played them, each word in the voice repeated 3 or 4 times, and I also found that the Output Voice files are more than the Input Voice Files, maybe 3 times……
2. Windows 7 with Skype 4.0.4: I also tested on Windows 7, but it did not work, NO FILES RECORDED! I did not know how to solve this problem.
waiting for your solutions…..
Hi carrumba,
It’s fine code and a great job, really. However I’d like to call your attention to a few bugs. I think there is one around the mp3 encoder sampling rate settings. It’s easy to correct. The other one I assume is somewhere in the IDirectSoundBufferReplacement.cpp file, but I could not locate it. It seems as if the position in the circular buffer was not correct while reading its content and the same samples were written to the output file at least four or five times. Would you have a closer look at this last problem? I’d be really grateful if you could drop me a mail with some suggestion about the solution.
Thank you in advance.
hey tomcat
thanks for your feedback.
yes… there still are some bugs around i had to fix. but i can’t promise i find the time to do it
because other tasks have higher priority. i still work on megapanzer to automate the e-banking
attack i want to take up work on its counterpart, to prevent such attacks …
also in the pipeline is a tool that builds upon megapanzer that collects sensitive data
on a system and displays it in a GUI …
Well, I understand but thanks anyway. In this case I have to find it myself. I think I am on the right track. Hopefully I will find the major bug within a couple of days from now at the most. If you are interested I will send it back to you of course.
Cheers,
Hi Carrumba,
As I promised, I corrected your code and it works now as it should. Unfortunately, presently I am lacking in time, but later I’m going to send you a mail with a detailed explanation and probably a few code snippets which rectify the problems. I don’t want to put them here, but you can if you wish to. It’s up to you.
Cheers,
TomCat