[Dshield] "New" Trojan: DIRT

Jonathan G. Lampe jonathan at stdnet.com
Fri Mar 15 20:04:41 GMT 2002


DIRT, a program being marketed to law enforcement as a remote key capturer 
and file grabber (http://www.codexdatasystems.com/) has been "released" to 
the public.  (http://www.theregister.co.uk/content/55/24433.html)

Functionally similar to Back Orifice, DIRT was nabbed a few days ago - 
today the same sites which have been mirroring the borrowed software (which 
required a key) also have working versions for download - hence the 
"release" of this little toy.

Most troubling for SysAdmins is the debate brewing over "detectability" of 
DIRT.  Some claim the codebase of DIRT and the FBI's "Magic Lantern" is 
similar and not by accident 
(http://cryptome.org/dirty-lantern.htm).  Although the major anti-virus 
vendors have said that they will detect and clean Magic Lantern, some 
analysts doubt their sincerity 
(http://netsecurity.about.com/library/weekly/aa121901a.htm, 
http://www.wired.com/news/conflict/0,2100,48648,00.html, 
http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A3371-2001Nov22&notFound=true). 


In other words, the worry was that an alleged back door set up for use by 
the FBI might be exploited by others misusing Magic Lantern or using tools 
with signatures similar to Magic Lantern - and one of those tools (DIRT) 
may just have entered the wild.

Happy St. Pat's,

- Jonathan Lampe, GSNA, GCIA, etc.  
