Swiss Government Skype spy programme gets loose
In a fit of moral panic, a programmer who created a tool for the Swiss Government to spy on conversations on Skype has released the source code under a GPL license. That also has to be a first, malware as Open Source.
Here's the story from Infoworld:
Skype spy Trojan escapes into wild
Only days after Swiss programmer Ruben Unteregger released the source code for a Trojan he wrote three years ago to hack Skype phone calls, the inevitable has happened -- someone has released it as a compiled piece of "faux" malware.
Unteregger posted the code on his website under a GPLv3 license, presumably in the hope that its publication would make it impossible to use against real users, having had second thoughts about the morality of his creation. He wrote the program in 2006 for a private company, ERA IT Solutions, which allegedly sold it on to an agency of the Swiss government to use in remote surveillance activities.
Now Symantec and Trend Micro have reported that a Windows Trojan with remarkably similar characteristics has turned up in their detection systems, Trojan.PeskySpy in Symantec nomenclature, and Troj_Spayke.C to Trend. Neither company states openly that the Trojan detected is related to Unteregger's open source creation, but there are enough clues to forge a strong connection.
Symantec describes how the Trojan intercepts API calls to Skype, capturing and storing audio conversations as MP3 files with caller, date, day and time stamps to identify them, and SkypeOut and SkypeIn call designations. The Trojan then attempts to upload the recordings to pre-defined locations after detecting and attempting to bypass named firewall filters.
My cynical mind immediately sees the possibility for commercial espionage by targeting specific people in specific companies using Skype, and blackmail for those caught having illicit conversations (affairs, drug buys etc).
The only real problem is finding the goodies in the middle of the mush. Skype tell me right now that over 12 million people are using it. How do you sort out the wheat from the chaff?
More to the point, how safe do you feel about your internet use being sheltered by the crowd? Is that a sufficiently safe approach for most of what you do? What about the critical stuff like your bank access? How do you protect yourself there?
Comments open as usual.