[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")
- To: "You Got Pwned" <yougotpwned6@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")
- From: nix@xxxxxxxxxxxxxxxx
- Date: Mon, 10 Oct 2011 02:16:08 +0300
> Hi List,
>
> i thougt this could be interesting. My english is not very good so i
> copied
> the following information from FSecure (
> http://www.f-secure.com/weblog/archives/00002249.html)
>
> "Chaos Computer Club from Germany has tonight announced that they have
> located a backdoor trojan used by the German Goverment.
>
> The announcment was made public on ccc.de <http://www.ccc.de/> with a
> detailed 20-page analysis of the functionality of the malware. Download
> the
> report in
> PDF<http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf>(in
> German)
>
> The malware in question is a Windows backdoor consisting of a DLL and a
> kernel driver.
>
> The backdoor includes a keylogger that targets certain applications. These
> applications include *Firefox, Skype, MSN Messenger, ICQ* and others.
>
> The backdoor also contains code intended to take screenshots and record
> audio, including recording Skype calls.
>
> In addition, the backdoor can be remotely updated. Servers that it
> connects
> to include 83.236.140.90 and 207.158.22.134"
>
> According to CCC Germany the backdoor could also be exploited by third
> parties. You can download it from
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz .
> You'll
> need gzip and tar to get the .dll and the .sys file.
Based on what they think the german goverment is behind this trojan?
>From F-Secure:
>We have never before analysed a sample that has been suspected to be
>governmental backdoor. We have also never been asked by any government
to >avoid detecting their backdoors.
Is not it obvious? Which goverment want to say it 'Hi, we do this shit too
... '
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/