The AP is reporting a Skype virus making the rounds can record phone calls made over the service, save the audio as an MP3, and email it to other computers. The hack taps into the computer’s OS to record the computer’s audio before it’s encrypted by Skype.

Mudge

Former L0pht Heavy Industries hacker Mudge, aka Peiter Zatko, a security researcher at BBN Technologies, just got back from Italy to find BBN had been bought by Raytheon. Via email, he said the Skype virus tactic isn’t new, comparing it to hackers stealing banking information by recording keystrokes. 

“The fact that this is relatively well known does not speak well for the progress that our consumer computer security has made over the years,” he said. 

The issue stems from the multitasking we demand from our computers — different applications have different security needs, but the OS doesn’t serve them.

“Would you be happy if you could play video games and listen to online music at the ATM when you walk in to your bank? I wouldn’t. I want that system to be specific and dedicated to processing my bank requests,” Mudge said.

The AP report suggests the virus works better as a targeted attack, rather than a widespread virus. To defend against it, Mudge suggests disabling Javascript and similar  programs in your browser; disabling HTML and content rendering in e-mail programs; being savvy about e-mail attachments and links and Internet sites; and running each application on a separate virtual machine, then reverting to a clean install state. And he said all that is just a start.  

“Once your computer is compromised, it doesn’t matter if you are using encrypted network communications … you’ve lost,” he said.