[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")
- To: secn3t@xxxxxxxxx
- Subject: Re: [Full-disclosure] Possible German Governmental Backdoor found ("R2D2")
- From: You Got Pwned <yougotpwned6@xxxxxxxxxxxxxx>
- Date: Mon, 10 Oct 2011 01:21:20 +0200
gunzip the archive then use tar. I also made a zip file which contains the
extracted .dll and the .sys file and uploaded it
here<http://www.2shared.com/file/QWyk-yCp/bundestrojaner.html>
.
2011/10/10 xD 0x41 <secn3t@xxxxxxxxx>
> Interesting... although that archive seems corrupt... id like to see abit
> more about this but, very interesting indeed.. specially skype id
> harvesting, what could this be for.
> hrms
> xd
>
>
> On 10 October 2011 07:13, <james@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
>> <yougotpwned6@xxxxxxxxxxxxxx> wrote:
>> > Hi List,
>> >
>> > i thougt this could be interesting. My english is not very good so i
>> > copied the following information from FSecure
>> > (http://www.f-secure.com/weblog/archives/00002249.html [1])
>> >
>> > "Chaos Computer Club from Germany has tonight announced that they
>> > have located a backdoor trojan used by the German Goverment.
>> >
>> > The announcment was made public on ccc.de [2] with a detailed 20-page
>> > analysis of the functionality of the malware. Download the report in
>> > PDF [3] (in German)
>> >
>> > The malware in question is a Windows backdoor consisting of a DLL and
>> > a kernel driver.
>> >
>> > The backdoor includes a keylogger that targets certain applications.
>> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
>> > others.
>> >
>> > The backdoor also contains code intended to take screenshots and
>> > record audio, including recording Skype calls.
>> >
>> > In addition, the backdoor can be remotely updated. Servers that it
>> > connects to include 83.236.140.90 [4] and 207.158.22.134"
>> >
>> > According to CCC Germany the backdoor could also be exploited by
>> > third parties. You can download it from
>> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>> > [5] . You'll need gzip and tar to get the .dll and the .sys file.
>> >
>> >
>> > Links:
>> > ------
>> > [1] http://www.f-secure.com/weblog/archives/00002249.html
>> > [2] http://www.ccc.de/
>> > [3]
>> >
>> >
>> http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
>> > [4] http://webmail.0m3ga.net/tel:83.236.140.90
>> > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>>
>> I was looking at this just late last night.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/