[Dshield] "New" Trojan: DIRT
Jonathan G. Lampe
jonathan at stdnet.com
Fri Mar 15 20:04:41 GMT 2002
DIRT, a program being marketed to law enforcement as a remote key capturer
and file grabber (http://www.codexdatasystems.com/) has been "released" to
the public. (http://www.theregister.co.uk/content/55/24433.html)

Functionally similar to Back Orifice, DIRT was nabbed a few days ago -
today the same sites which have been mirroring the borrowed software (which
required a key) also have working versions for download - hence the
"release" of this little toy.

Most troubling for SysAdmins is the debate brewing over "detectability" of
DIRT. Some claim the codebase of DIRT and the FBI's "Magic Lantern" is
similar and not by accident
(http://cryptome.org/dirty-lantern.htm). Although the major anti-virus
vendors have said that they will detect and clean Magic Lantern, some
analysts doubt their sincerity.

In other words, the worry was that an alleged back door set up for use by
the FBI might be exploited by others misusing Magic Lantern or using tools
with signatures similar to Magic Lantern - and one of those tools (DIRT)
may just have entered the wild.

Happy St. Pat's,
- Jonathan Lampe, GSNA, GCIA, etc.