Information Security News mailing list archives

Trojan vendor dishes the Dirt


From: InfoSec News <isn () c4i org>
Date: Fri, 8 Jun 2001 02:08:07 -0500 (CDT)

http://www.vnunet.com/News/1122902

By James Middleton 
07 Jun 2001

Codex Data Systems, marketers of the controversial Dirt Trojan, has
rubbished claims that the product does not actually exist. Eddie
James, vice president of Codex, told vnunet.com: "Dirt has been
available since 1998. It is in use by a number of law enforcement
agencies."

James also claimed that organisations such as Nato and the Hi-tech
Crime Investigators Association have expressed interest in the
product.

"The only reason it is of interest now is because someone got hold of
a marketing presentation that was not for public disclosure. In fact,
the product's existence was not meant to be public knowledge," he
said, adding that "if we find that person we will file a criminal
complaint through the Secret Service".

James said that he would "love to demonstrate the tool", but since
vnunet.com is not an officially recognised law enforcement agency, he
could not.

The reputation of Codex has been called into question after it was
revealed by UK news website The Register that company chief executive
Frank Jones is a convicted felon and known fraudster currently on
probation for illegal possession of surveillance devices.

James was forced to acknowledge that the only reason Dirt is
undetectable by antivirus software is because no antivirus company has
ever seen it, and that it could only be used as a "last resort" tool
after obtaining a court order.

As for the ability to bypass firewalls, done by killing the process in
the operating system, there is no explanation as to how it attacks the
firewall in the first place.

However, Paul Rogers, network security analyst at MIS, who has met the
company, said he was very impressed with the standard of keyloggers
Codex offered, but as he had not seen Dirt in action, he remained
sceptical.

The rumours have also been fuelled by newsgroup postings from people
claiming to have seen demonstrations of Dirt. One such posting on the
Cypherpunk Hyperarchive said that Dirt is "not much more than
BackOrifice, NetBus, VNC or PC Anywhere, for that matter".

"It has a bit more capability than some of those, in that it will act
as something similar to an FTP server and a keystroke capture tool.
But any programmer with 2nd year C programming and a Win32 compiler
can download VNC and add stuff to it to do the same thing," it added.






ISN is hosted by SecurityFocus.com