| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Oct 2011 21:20:51 -0400
From: <james@...thwaysecurity.com>
To: <secn3t@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Possible German Governmental Backdoor found
("R2D2")
It has some valid uses for sure. Well the Skype id harvesting and sound
recording can be used for Counter Intelligence- terrorism operations.
But that's just theory.
On Mon, 10 Oct 2011 09:51:24 +1100, xD 0x41 <secn3t@...il.com> wrote:
> Interesting... although that archive seems corrupt... id like to see
> abit more about this but, very interesting indeed.. specially skype
> id
> harvesting, what could this be for.
> hrms
> xd
>
> On 10 October 2011 07:13, wrote:
> On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
> wrote:
> > Hi List,
> >
> > i thougt this could be interesting. My english is not very good so
> i
> > copied the following information from FSecure
> > (http://www.f-secure.com/weblog/archives/00002249.html [3] [1])
> >
> > "Chaos Computer Club from Germany has tonight announced that they
> > have located a backdoor trojan used by the German Goverment.
> >
> > The announcment was made public on ccc.de [4] [2] with a detailed
> 20-page
> > analysis of the functionality of the malware. Download the report
> in
> > PDF [3] (in German)
> >
> > The malware in question is a Windows backdoor consisting of a DLL
> and
> > a kernel driver.
> >
> > The backdoor includes a keylogger that targets certain
> applications.
> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> > others.
> >
> > The backdoor also contains code intended to take screenshots and
> > record audio, including recording Skype calls.
> >
> > In addition, the backdoor can be remotely updated. Servers that it
> > connects to include 83.236.140.90 [4] and 207.158.22.134"
> >
> > According to CCC Germany the backdoor could also be exploited by
> > third parties. You can download it from
> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [5]
> > [5] . You'll need gzip and tar to get the .dll and the .sys
> file.
> >
> >
> > Links:
> > ------
> > [1] http://www.f-secure.com/weblog/archives/00002249.html [6]
> > [2] http://www.ccc.de/ [7]
> > [3]
> >
> >
>
> http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> [8]
> > [4] http://webmail.0m3ga.net/tel:83.236.140.90 [9]
> > [5]
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [10]
>
> I was looking at this just late last night.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html [11]
> Hosted and sponsored by Secunia - http://secunia.com/ [12]
>
>
> Links:
> ------
> [1] mailto:james@...thwaysecurity.com
> [2] mailto:yougotpwned6@...glemail.com
> [3] http://www.f-secure.com/weblog/archives/00002249.html
> [4] http://ccc.de
> [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [6] http://www.f-secure.com/weblog/archives/00002249.html
> [7] http://www.ccc.de/
> [8]
>
> http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> [9] http://webmail.0m3ga.net/tel:83.236.140.90
> [10]
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [11] http://lists.grok.org.uk/full-disclosure-charter.html
> [12] http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists