Mailing List Archive

detecting TOM-skype?
Hi there

As some of you have no doubt heard, the Chinese version of Skype has
been found to contain a backdoor which logs all IM conversations that
occur and transmits them up to a server where (no doubt) the Chinese
authorities classify them, etc.

I for one would like to know how many copies of this version of Skype
are floating around our network - especially if it's ended up within our
non-Chinese networks. Can Tenable use its "checksumming" APIs to detect
this? And no, I don't have a copy of such a version (yet)



Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

Nessus mailing list
Re: detecting TOM-skype? [ In reply to ]
On Oct 6, 2008, at 5:23 PM, Jason Haar wrote:

> Can Tenable use its "checksumming" APIs to detect
> this?

We just published plugin #34361 to detect it remotely, based on the
stack timestamp of the remote Skype node.


Nessus mailing list