One of the tasks of security companies is to "forecast" what will happen in the future based in the data and trends we observe. This is a really important task, as this way we can provide users with guidelines and base our researchs in the possible protection mechanisms we will have to develop in the future.

Some days ago, a Trojan entered the fray which attempts to deceive users passing itself off as a security program for Skype. It is called Skype Defender and its main aim is to steal the user's data of Skype. It is then when we shall look back and bring to mind what we told about VoIP attacks almost 2 years ago. In January 2006, we published a document about security in VoIP systems, written by Fernando de la Cuadra and Enrique González Ochoa. We presented it in the 5th Iberoamerican Conference on Systems, Cybernetics and Computer Science CISCI 2006, in Orlando, Florida.

Here you have an extract of the document:

"Identity Theft. A malicious application could steal a VoIP system user ID, deactivate the user's connection to avoid duplicity and use the stolen ID in its own VoIP network. In this way, the theft victim would be paying for the account when in fact the thief would be the one using it. This use of communication lines is an update of "phreaking" techniques, which use telephone lines to make connections or have conversations unbeknownst to their legitimate owners."

It seems that some of the predictions we made have come true. I have published this document here again in case you want to know which threats are awaiting us.