| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Oct 2011 11:07:16 +1100
From: xD 0x41 <secn3t@...il.com>
To: You Got Pwned <yougotpwned6@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Possible German Governmental Backdoor found
("R2D2")
Ta , ill take a look.. very interesting, id love to see src code ;p
That would be in whose hands,... i wonder..hehe.. maybe gov orjustr very
very smart hax0r...
On 10 October 2011 10:21, You Got Pwned <yougotpwned6@...glemail.com> wrote:
> gunzip the archive then use tar. I also made a zip file which contains the
> extracted .dll and the .sys file and uploaded it here<http://www.2shared.com/file/QWyk-yCp/bundestrojaner.html>
> .
>
>
> 2011/10/10 xD 0x41 <secn3t@...il.com>
>
>> Interesting... although that archive seems corrupt... id like to see abit
>> more about this but, very interesting indeed.. specially skype id
>> harvesting, what could this be for.
>> hrms
>> xd
>>
>>
>> On 10 October 2011 07:13, <james@...thwaysecurity.com> wrote:
>>
>>> On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
>>> <yougotpwned6@...glemail.com> wrote:
>>> > Hi List,
>>> >
>>> > i thougt this could be interesting. My english is not very good so i
>>> > copied the following information from FSecure
>>> > (http://www.f-secure.com/weblog/archives/00002249.html [1])
>>> >
>>> > "Chaos Computer Club from Germany has tonight announced that they
>>> > have located a backdoor trojan used by the German Goverment.
>>> >
>>> > The announcment was made public on ccc.de [2] with a detailed 20-page
>>> > analysis of the functionality of the malware. Download the report in
>>> > PDF [3] (in German)
>>> >
>>> > The malware in question is a Windows backdoor consisting of a DLL and
>>> > a kernel driver.
>>> >
>>> > The backdoor includes a keylogger that targets certain applications.
>>> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
>>> > others.
>>> >
>>> > The backdoor also contains code intended to take screenshots and
>>> > record audio, including recording Skype calls.
>>> >
>>> > In addition, the backdoor can be remotely updated. Servers that it
>>> > connects to include 83.236.140.90 [4] and 207.158.22.134"
>>> >
>>> > According to CCC Germany the backdoor could also be exploited by
>>> > third parties. You can download it from
>>> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>>> > [5] . You'll need gzip and tar to get the .dll and the .sys file.
>>> >
>>> >
>>> > Links:
>>> > ------
>>> > [1] http://www.f-secure.com/weblog/archives/00002249.html
>>> > [2] http://www.ccc.de/
>>> > [3]
>>> >
>>> >
>>> http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
>>> > [4] http://webmail.0m3ga.net/tel:83.236.140.90
>>> > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
>>>
>>> I was looking at this just late last night.
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists