Open Source and information security mailing list archives
Message-ID: <6bb47d9664ee9d5f26303e5c4ef19db6@smithwaysecurity.com>
Date: Sun, 09 Oct 2011 21:20:51 -0400
From: <james@...thwaysecurity.com>
To: <secn3t@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Possible German Governmental Backdoor found ("R2D2")

It has some valid uses for sure. Well the Skype id harvesting and sound recording can be used for Counter Intelligence- terrorism operations. But that's just theory.

On Mon, 10 Oct 2011 09:51:24 +1100, xD 0x41 <secn3t@...il.com> wrote:
> Interesting... although that archive seems corrupt... I'd like to see
> a bit more about this but, very interesting indeed.. specially skype id
> harvesting, what could this be for.
> hrms
> xd
>
> On 10 October 2011 07:13, wrote:
> On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned wrote:
> > Hi List,
> >
> > I thought this could be interesting. My english is not very good so I
> > copied the following information from FSecure
> > (http://www.f-secure.com/weblog/archives/00002249.html [3] [1])
> >
> > "Chaos Computer Club from Germany has tonight announced that they
> > have located a backdoor trojan used by the German Government.
> >
> > The announcement was made public on ccc.de [4] [2] with a detailed 20-page
> > analysis of the functionality of the malware. Download the report in
> > PDF [3] (in German)
> >
> > The malware in question is a Windows backdoor consisting of a DLL and
> > a kernel driver.
> >
> > The backdoor includes a keylogger that targets certain applications.
> > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> > others.
> >
> > The backdoor also contains code intended to take screenshots and
> > record audio, including recording Skype calls.
> >
> > In addition, the backdoor can be remotely updated. Servers that it
> > connects to include 83.236.140.90 [4] and 207.158.22.134"
> >
> > According to CCC Germany the backdoor could also be exploited by
> > third parties. You can download it from
> > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz [5]
> > [5] . You'll need gzip and tar to get the .dll and the .sys file.
> >
> >
> > Links:
> > ------
> > [1] http://www.f-secure.com/weblog/archives/00002249.html [6]
> > [2] http://www.ccc.de/ [7]
> > [3] http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf [8]
> > [4] http://webmail.0m3ga.net/tel:83.236.140.90 [9]
> > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz [10]
>
> I was looking at this just late last night.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html [11]
> Hosted and sponsored by Secunia - http://secunia.com/ [12]
>
>
> Links:
> ------
> [1] mailto:james@...thwaysecurity.com
> [2] mailto:yougotpwned6@...glemail.com
> [3] http://www.f-secure.com/weblog/archives/00002249.html
> [4] http://ccc.de
> [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [6] http://www.f-secure.com/weblog/archives/00002249.html
> [7] http://www.ccc.de/
> [8] http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> [9] http://webmail.0m3ga.net/tel:83.236.140.90
> [10] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [11] http://lists.grok.org.uk/full-disclosure-charter.html
> [12] http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/