Interesting People mailing list archives
IP: "PGP key stealing virus Caligula" -- handle with care
From: Dave Farber <farber () cis upenn edu>
Date: Sat, 06 Feb 1999 19:11:44 -0500
Date: Sat, 6 Feb 1999 16:27:02 -0500 (EST)
From: Ken Williams <jkwilli2 () unity ncsu edu>

"PGP key stealing virus Caligula" is available for download on the codebreakers site now - http://www.codebreakers.org/our_viruses.htm#virus-caligula

-----from the web site-----

WM97.Caligula.A

"Virus Attacks: Espionage enabled viruses. Designed to collect/steal information. May be vertically targeted or horizontally deployed. There's a bright future for "espionage enabled" viruses. Consider a virus that spreads only to machines that have a copy of PGP. Countermeasures: Use virus checking software"
-Quoted from: Practical Attacks on PGP by Joel McNamara

Challenge accepted Joel! May I present:

Virus Name: WM97/Caligula
Author: Opic [CodeBreakers]
Date: 1998

Info: Caligula is a Stealth WM97 SR1(2)-compatible virus. It is unique in the manner that it is one of the first espionage enabled viruses (ie: steals information). Caligula steals PGP Secret Keyrings from infected users and uploads them onto the internet. More specifically it uploads them to: CodeBreakers.Org

The virus spreads to users regardless of if they own PGP or not (Joel doesn't know much about propagation techniques) but it will only upload the infected user's key once (to avoid uploading multiple copies of the key). Caligula places a marker in the Windows registry to signal the PGP theft has been successful.

On the 31st of the month Caligula displays a messagebox which reads:

WM97/Caligula (c)Opic [CodeBreakers 1998]
"No cia,"
"No nsa,"
"No satellite,"
"Could map our veins."

and the following properties are also given to infected documents:

Author: Opic
Title: WM97/Caligula Infection
Subject: A Study In Espionage Enabled Viruses.
Comments: The Best Security Is Knowing The Other Guy Hasn't Got Any.
Keywords: | Caligula | Opic | CodeBreakers |

http://members.tripod.com/~opiccb/index.htm
http://www.internetnews.com/prod-news/article/0,1087,9_64191,00.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2202965,00.html
http://www.geocities.com/SiliconValley/Heights/3652/CALIG.HTM
http://members.tripod.com/~opiccb/newsradio.zip

-----
Ken Williams jkwilli2 () csc ncsu edu
Packet Storm Security http://packetstorm.genocide2600.com/
Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/
E.H.A.P. VP & Head of Operations http://www.ehap.org/ tattooman () ehap org
NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2 () csc ncsu edu