Symantec reports that it has observed the public release of source code for a Trojan that targets Skype users.
The Trojan.Peskyspy records a voice call and stores it as an mp3 file for transmission later.
Once a machine has been compromised by this threat, the threat can use an application that handles audio processing within a computer and save the call data as an MP3 file. This MP3 is then sent over the Internet to a predefined server where the attacker can then listen to the recorded conversations. Recording the call as an MP3 keeps the size of the audio files low and means there is less data to be transferred over the network, helping to speed up the transfer and avoid detection.
Symantec says the threat risk is low but since the code is publicly available we will likely see "customised" threats from malware authors.
With this particular Trojan it seems malware creators would need to have a lot of time on their hands to go through hours of Skype audio files. And to find what? My skype calls are fairly mundane. I mainly call my mom on Skype. Hackers are welcome to those recordings...