Re: Possible German Governmental Backdoor found ("R2D2")

[<james () smithwaysecurity com>]

 On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned 
 <yougotpwned6 () googlemail com> wrote:
> Hi List,
>
> i thougt this could be interesting. My english is not very good so i
> copied the following information from FSecure
> (http://www.f-secure.com/weblog/archives/00002249.html [1])
>
> "Chaos Computer Club from Germany has tonight announced that they
> have located a backdoor trojan used by the German Goverment.
>
> The announcment was made public on ccc.de [2] with a detailed 20-page
> analysis of the functionality of the malware. Download the report in
> PDF [3] (in German)
>
> The malware in question is a Windows backdoor consisting of a DLL and
> a kernel driver.
>
> The backdoor includes a keylogger that targets certain applications.
> These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> others.
>
> The backdoor also contains code intended to take screenshots and
> record audio, including recording Skype calls.
>
> In addition, the backdoor can be remotely updated. Servers that it
> connects to include 83.236.140.90 [4] and 207.158.22.134"
>
> According to CCC Germany the backdoor could also be exploited by
> third parties. You can download it from
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [5]  . You'll need gzip and tar to get the .dll and the .sys file.
>
>
> Links:
> ------
> [1] http://www.f-secure.com/weblog/archives/00002249.html
> [2] http://www.ccc.de/
> [3]
>
> http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> [4] http://webmail.0m3ga.net/tel:83.236.140.90
> [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

 I was looking at this just late last night.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/