Interesting People mailing list archives

IP: "PGP key stealing virus Caligula" -- handle with care


From: Dave Farber <farber () cis upenn edu>
Date: Sat, 06 Feb 1999 19:11:44 -0500



Date: Sat, 6 Feb 1999 16:27:02 -0500 (EST)
From: Ken Williams <jkwilli2 () unity ncsu edu>

"PGP key stealing virus Caligula" is available for download on the
codebreakers site now -
http://www.codebreakers.org/our_viruses.htm#virus-caligula

-----from the web site-----

WM97.Caligula.A 
  "Virus Attacks:
  Espionage enabled viruses.  Designed to collect/steal information.
  May be vertically targeted or horizontally deployed.
  There's a bright future for "espionage enabled" viruses.  Consider a
  virus that spreads only to machines that have a copy of PGP.
  Countermeasures:
  Use virus checking software"
  -Quoted from: Practical Attacks on PGP by Joel McNamara
  Challenge accepted, Joel! May I present:

  Virus Name: WM97/Caligula
  Author: Opic [CodeBreakers]
  Date: 1998
  Info: Caligula is a Stealth WM97 SR1(2)-compatible virus.
  It is unique in the manner that it is one of the first
  espionage enabled viruses (i.e. it steals information).
  Caligula steals PGP Secret Keyrings from infected users
  and uploads them onto the internet. More specifically
  it uploads them to: CodeBreakers.Org
  The virus spreads to users regardless of whether they own PGP
  or not (Joel doesn't know much about propagation techniques)
  but it will only upload the infected user's key once (to
  avoid uploading multiple copies of the key). Caligula places
  a marker in the Windows registry to signal the PGP theft has
  been successful. On the 31st of the month Caligula displays
  a messagebox which reads:
  WM97/Caligula (c)Opic [CodeBreakers 1998]
  "No cia,"
  "No nsa,"
  "No satellite,"
  "Could map our veins."

  and the following properties are also given to infected
  documents:

  Author:     Opic
  Title:      WM97/Caligula Infection
  Subject: A Study In Espionage Enabled Viruses.
  Comments: The Best Security Is Knowing The Other Guy Hasn't Got Any.
  Keywords: | Caligula | Opic | CodeBreakers |

  http://members.tripod.com/~opiccb/index.htm
  http://www.internetnews.com/prod-news/article/0,1087,9_64191,00.html
  http://www.zdnet.com/zdnn/stories/news/0,4586,2202965,00.html
  http://www.geocities.com/SiliconValley/Heights/3652/CALIG.HTM
  http://members.tripod.com/~opiccb/newsradio.zip

----- 

Ken Williams
jkwilli2 () csc ncsu edu 

Packet Storm Security                 http://packetstorm.genocide2600.com/
Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
PGP DH/DSS/RSA Public Keys     http://packetstorm.genocide2600.com/pgpkey/
E.H.A.P. VP & Head of Operations http://www.ehap.org/   tattooman () ehap org
NCSU Computer Science      http://www.csc.ncsu.edu/  jkwilli2 () csc ncsu edu
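
As an added, defender-side example (not code from the post, from Ken Williams or from CodeBreakers): a stdlib-only Python parser for the \x05SummaryInformation property stream of an OLE2 Word document that flags files whose Author/Title/Subject/Keywords/Comments carry exactly the stamp the web site text above lists for infected documents. It assumes the stream has already been extracted from the .doc with a compound-file reader such as olefile, and it feeds the parser a constructed sample stream rather than a real infected file.

```python
import struct
# Summary Information property identifiers (PIDSI_* in MS-OLEPS).
PIDSI = {2: "title", 3: "subject", 4: "author", 5: "keywords", 6: "comments"}
VT_LPSTR = 0x1E  # 8-bit string: 4-byte length, NUL-terminated bytes, padded to 4
# Document properties the post says Caligula writes into infected files.
CALIGULA_PROPERTIES = {
    "author": "Opic",
    "title": "WM97/Caligula Infection",
    "subject": "A Study In Espionage Enabled Viruses.",
    "comments": "The Best Security Is Knowing The Other Guy Hasn't Got Any.",
    "keywords": "| Caligula | Opic | CodeBreakers |",
}


def parse_summary_information(stream: bytes) -> dict:
    """Return the string-valued properties of a \\x05SummaryInformation stream."""
    byte_order, _ver, _sys, _clsid, nsets = struct.unpack_from("<HHI16sI", stream, 0)
    if byte_order != 0xFFFE or nsets < 1:
        raise ValueError("not an OLE property set stream")
    (base,) = struct.unpack_from("<I", stream, 44)  # offset of the first property set
    _size, nprops = struct.unpack_from("<II", stream, base)
    props = {}
    for i in range(nprops):
        pid, off = struct.unpack_from("<II", stream, base + 8 + 8 * i)
        (vtype,) = struct.unpack_from("<H", stream, base + off)
        if vtype != VT_LPSTR:
            continue  # timestamps, counters and so on are not needed here
        (length,) = struct.unpack_from("<I", stream, base + off + 4)
        raw = stream[base + off + 8 : base + off + 8 + length]
        props[PIDSI.get(pid, pid)] = raw.split(b"\x00", 1)[0].decode("latin-1")
    return props


def caligula_indicators(props: dict) -> list:
    """Names of properties whose values match the stamp described in the post."""
    return sorted(k for k, v in CALIGULA_PROPERTIES.items() if props.get(k) == v)


def build_summary_information(values: dict) -> bytes:
    """Constructed sample input: encode string properties as a minimal property set."""
    pid_of = {name: pid for pid, name in PIDSI.items()}
    table, body = [], b""
    first = 8 + 8 * len(values)  # section header plus the id/offset table
    for name, text in values.items():
        data = text.encode("latin-1") + b"\x00"
        data += b"\x00" * (-len(data) % 4)
        table.append(struct.pack("<II", pid_of[name], first + len(body)))
        body += struct.pack("<HHI", VT_LPSTR, 0, len(data)) + data
    section = struct.pack("<II", first + len(body), len(values)) + b"".join(table) + body
    fmtid = bytes.fromhex("e0859ff2f94f6810ab9108002b27b3d9")  # FMTID_SummaryInformation
    header = struct.pack("<HHI16sI", 0xFFFE, 0, 0, b"\x00" * 16, 1) + fmtid + struct.pack("<I", 48)
    return header + section
```

A partial match (for example only the Keywords field) is worth a look as well, since a user can overwrite the other fields after infection; the strict comparison here is the high-confidence case.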
