{"id":3212,"date":"2011-10-20T17:13:35","date_gmt":"2011-10-20T16:13:35","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3212"},"modified":"2015-09-09T19:37:05","modified_gmt":"2015-09-09T11:37:05","slug":"german-federal-trojan-0zapftisbundestrojaner-eavesdrops-on-skype-ie-firefox-msn-messenger-more","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/10\/german-federal-trojan-0zapftisbundestrojaner-eavesdrops-on-skype-ie-firefox-msn-messenger-more\/","title":{"rendered":"German Federal Trojan (0zapftis\/Bundestrojaner) Eavesdrops On Skype, IE, Firefox, MSN Messenger & More"},"content":{"rendered":"

It’s always good to have some news about government conspiracy theories, or in this case government propagated malware. The last case I remember reporting on was – Tunisia Running Country Wide Facebook, Gmail & Yahoo! Password Capture<\/a>.<\/p>\n

Now whilst we wouldn’t quite expect that kind of oppressive behaviour from a country like Germany, they do seem to have a law enforcement monitoring trojan which is pretty nasty.<\/p>\n

The trojan was initially examined by the infamous hacking group from Germany itself – Chaos Computer Club (CCC) and was apparently first discovered by Kaspersky<\/a> Lab.<\/p>\n

A Trojan used by German law enforcement authorities to intercept Internet phone calls is capable of monitoring traffic from 15 programs, including browsers and instant messaging applications.<\/p>\n

The discovery was made by malware analysts from antivirus vendor Kaspersky Lab, who took apart the so-called lawful surveillance software, dubbed 0zapftis, Bundestrojaner or R2D2 by the security community. The Trojan was initially analyzed by famous German hacker collective the Chaos Computer Club (CCC), which determined that Skype is one of its targets.<\/p>\n

The Trojan’s installer deploys five components, each with a different purpose, and Kaspersky has analyzed all of them, said Tillmann Werner, a security researcher with Kaspersky in Germany.<\/p>\n

“Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows,” he said. “Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.”<\/p><\/blockquote>\n

The trojan seems quite complex and technically quite adept – it had the capability to deploy various components in both 32-bit and 64-bit Windows operating systems.<\/p>\n

It can infect 15 different applications, most of which are quite commonly found and prevalent on the majority of Windows based machines. Instant messaging (IM) software such as MSN Messenger, Yahoo! Messenger, Skype are covered and the major browsers (IE, Firefox and Opera).<\/p>\n

It’s surprising to see Chrome<\/a> is not in the list, it could be an editorial exclusion or it could just be the fact that Chrome is in fact pretty secure<\/a> and they weren’t able to hijack it successfully.<\/p>\n