lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cfc1a1cba75add2bc1a5dc6c255d69d2.squirrel@gameframe.net>
Date: Mon, 10 Oct 2011 02:16:08 +0300
From: nix@...roxylists.com
To: "You Got Pwned" <yougotpwned6@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Possible German Governmental Backdoor found
 ("R2D2")

> Hi List,
>
> i thougt this could be interesting. My english is not very good so i
> copied
> the following information from FSecure (
> http://www.f-secure.com/weblog/archives/00002249.html)
>
> "Chaos Computer Club from Germany has tonight announced that they have
> located a backdoor trojan used by the German Goverment.
>
> The announcment was made public on ccc.de <http://www.ccc.de/> with a
> detailed 20-page analysis of the functionality of the malware. Download
> the
> report in
> PDF<http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf>(in
> German)
>
> The malware in question is a Windows backdoor consisting of a DLL and a
> kernel driver.
>
> The backdoor includes a keylogger that targets certain applications. These
> applications include *Firefox, Skype, MSN Messenger, ICQ* and others.
>
> The backdoor also contains code intended to take screenshots and record
> audio, including recording Skype calls.
>
> In addition, the backdoor can be remotely updated. Servers that it
> connects
> to include 83.236.140.90 and 207.158.22.134"
>
> According to CCC Germany the backdoor could also be exploited by third
> parties. You can download it from
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz  .
> You'll
> need gzip and tar to get the .dll and the .sys file.

Based on what they think the german goverment is behind this trojan?

>>From F-Secure:

>We have never before analysed a sample that has been suspected to be
>governmental backdoor. We have also never been asked by any government
to >avoid detecting their backdoors.

Is not it obvious? Which goverment want to say it 'Hi, we do this shit too
... '





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists