Message-ID: <cfc1a1cba75add2bc1a5dc6c255d69d2.squirrel@gameframe.net>
Date: Mon, 10 Oct 2011 02:16:08 +0300
From: nix@...roxylists.com
To: "You Got Pwned" <yougotpwned6@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Possible German Governmental Backdoor found ("R2D2")

> Hi List,
>
> I thought this could be interesting. My English is not very good so I
> copied the following information from F-Secure
> (http://www.f-secure.com/weblog/archives/00002249.html)
>
> "Chaos Computer Club from Germany has tonight announced that they have
> located a backdoor trojan used by the German Government.
>
> The announcement was made public on ccc.de <http://www.ccc.de/> with a
> detailed 20-page analysis of the functionality of the malware. Download
> the report in PDF
> <http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf>
> (in German)
>
> The malware in question is a Windows backdoor consisting of a DLL and a
> kernel driver.
>
> The backdoor includes a keylogger that targets certain applications. These
> applications include *Firefox, Skype, MSN Messenger, ICQ* and others.
>
> The backdoor also contains code intended to take screenshots and record
> audio, including recording Skype calls.
>
> In addition, the backdoor can be remotely updated. Servers that it
> connects to include 83.236.140.90 and 207.158.22.134"
>
> According to CCC Germany the backdoor could also be exploited by third
> parties. You can download it from
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz .
> You'll need gzip and tar to get the .dll and the .sys file.

Based on what do they think the German government is behind this trojan?

From F-Secure:
> We have never before analysed a sample that has been suspected to be a
> governmental backdoor. We have also never been asked by any government to
> avoid detecting their backdoors.

Isn't it obvious? Which government wants to say 'Hi, we do this shit too ...'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/