Re: Possible German Governmental Backdoor found ("R2D2")

[xD 0x41 <secn3t () gmail com>]

Ta , ill take a look.. very interesting, id love to see src code ;p
That would be in whose hands,... i wonder..hehe.. maybe gov orjustr very
very smart hax0r...


On 10 October 2011 10:21, You Got Pwned <yougotpwned6 () googlemail com> wrote:

> gunzip the archive then use tar. I also made a zip file which contains the
> extracted .dll and the .sys file and uploaded it here<http://www.2shared.com/file/QWyk-yCp/bundestrojaner.html>
> .
>
>
> 2011/10/10 xD 0x41 <secn3t () gmail com>
>
> > Interesting... although that archive seems corrupt... id like to see abit
> > more about this but, very interesting indeed.. specially skype id
> > harvesting, what could this be for.
> > hrms
> > xd
> >
> >
> >  On 10 October 2011 07:13, <james () smithwaysecurity com> wrote:
> >
> > >   On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned
> > >  <yougotpwned6 () googlemail com> wrote:
> > > > Hi List,
> > > >
> > > > i thougt this could be interesting. My english is not very good so i
> > > > copied the following information from FSecure
> > > > (http://www.f-secure.com/weblog/archives/00002249.html [1])
> > > >
> > > > "Chaos Computer Club from Germany has tonight announced that they
> > > > have located a backdoor trojan used by the German Goverment.
> > > >
> > > > The announcment was made public on ccc.de [2] with a detailed 20-page
> > > > analysis of the functionality of the malware. Download the report in
> > > > PDF [3] (in German)
> > > >
> > > > The malware in question is a Windows backdoor consisting of a DLL and
> > > > a kernel driver.
> > > >
> > > > The backdoor includes a keylogger that targets certain applications.
> > > > These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> > > > others.
> > > >
> > > > The backdoor also contains code intended to take screenshots and
> > > > record audio, including recording Skype calls.
> > > >
> > > > In addition, the backdoor can be remotely updated. Servers that it
> > > > connects to include 83.236.140.90 [4] and 207.158.22.134"
> > > >
> > > > According to CCC Germany the backdoor could also be exploited by
> > > > third parties. You can download it from
> > > > http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> > > > [5]  . You'll need gzip and tar to get the .dll and the .sys file.
> > > >
> > > >
> > > > Links:
> > > > ------
> > > > [1] http://www.f-secure.com/weblog/archives/00002249.html
> > > > [2] http://www.ccc.de/
> > > > [3]
> > > http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> > > > [4] http://webmail.0m3ga.net/tel:83.236.140.90
> > > > [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> > >
> > >  I was looking at this just late last night.
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/