On Sun, 9 Oct 2011 16:31:53 +0200, You Got Pwned <yougotpwn...@googlemail.com> wrote:
> Hi List,
>
> I thought this could be interesting. My English is not very good so I
> copied the following information from F-Secure
> (http://www.f-secure.com/weblog/archives/00002249.html [1])
>
> "Chaos Computer Club from Germany has tonight announced that they
> have located a backdoor trojan used by the German Government.
>
> The announcement was made public on ccc.de [2] with a detailed 20-page
> analysis of the functionality of the malware. Download the report in
> PDF [3] (in German)
>
> The malware in question is a Windows backdoor consisting of a DLL and
> a kernel driver.
>
> The backdoor includes a keylogger that targets certain applications.
> These applications include FIREFOX, SKYPE, MSN MESSENGER, ICQ and
> others.
>
> The backdoor also contains code intended to take screenshots and
> record audio, including recording Skype calls.
>
> In addition, the backdoor can be remotely updated. Servers that it
> connects to include 83.236.140.90 [4] and 207.158.22.134"
>
> According to CCC Germany the backdoor could also be exploited by
> third parties. You can download it from
> http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz
> [5] . You'll need gzip and tar to get the .dll and the .sys file.
>
>
> Links:
> ------
> [1] http://www.f-secure.com/weblog/archives/00002249.html
> [2] http://www.ccc.de/
> [3] http://www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf
> [4] http://webmail.0m3ga.net/tel:83.236.140.90
> [5] http://www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

I was looking at this just late last night.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/