[Dshield] "New" Trojan: DIRT
smy at gcmlp.com
Mon Mar 18 16:17:32 GMT 2002
That's a good reason to use Kaspersky anti-virus. Since they're based in
Moscow and have a lot of international customers, there's less reason for
them to ignore Magic Lantern.
For the record, I'm not actually concerned about Magic Lantern, just Trojans
based on it. After all, if law enforcement is installing this on the bad
machines, some of the bad guys are going to figure it out and possibly
find a way to use it for their own benefit.
From: Jonathan G. Lampe [mailto:jonathan at stdnet.com]
Sent: Friday, March 15, 2002 2:05 PM
To: list at dshield.org
Subject: [Dshield] "New" Trojan: DIRT
DIRT, a program being marketed to law enforcement as a remote key capturer
and file grabber (http://www.codexdatasystems.com/) has been "released" to
the public. (http://www.theregister.co.uk/content/55/24433.html)
Functionally similar to Back Orifice, DIRT was nabbed a few days ago -
today the same sites which have been mirroring the borrowed software (which
required a key) also have working versions for download - hence the
"release" of this little toy.
Most troubling for SysAdmins is the debate brewing over "detectability" of
DIRT. Some claim the codebase of DIRT and the FBI's "Magic Lantern" is
similar and not by accident
(http://cryptome.org/dirty-lantern.htm). Although the major anti-virus
vendors have said that they will detect and clean Magic Lantern, some
analysts doubt their sincerity.
In other words, the worry was that an alleged back door set up for use by
the FBI might be exploited by others misusing Magic Lantern or using tools
with signatures similar to Magic Lantern - and one of those tools (DIRT)
may just have entered the wild.
Happy St. Pat's,
- Jonathan Lampe, GSNA, GCIA, etc.