German Surveillance Trojan Spies On Fifteen Apps
itwbennett writes "Researchers from Kaspersky Lab have discovered that the R2D2 surveillance Trojan, which is used by German law enforcement to intercept Internet phone calls, is capable of monitoring traffic from popular browsers and instant messaging applications. 'Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows,' said Tillmann Werner, a security researcher with Kaspersky in Germany. 'Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.'"
Or applications?
Imagine being able to legally work on producing the software to do this. Not just legally- but with the backing of the government. ... no, I do not condone it... ... but it would be fascinating to work on. :)
Imagine a world where a government employs such devious means...
Then imagine a world where the government kicks down your door because you detected their worm and quarantined it - which makes you a person of interest.
A feeling of having made the same mistake before: Deja Foobar
Vee haf vays of monitoring yur messages!
In Soviet Germany ... wait, what?!?
Such 'spyware' is rife in the Corporate world, but it's called "Document retention" and "monitoring for legal cases". Corporate smart phones, computers, etc. are all equipped with methods to record everything we do. Just because some shyster could possibly want to use it as an axe to suck money from our company.
You *CAN* get a job in industry writing this kind of code. Seriously. It's out there.
"...capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows"
I wish all software and hardware vendors were that current.
NSA does not need to snoop in the leaf node, they have the network (and the cloud). If I was NSA, I would also build a tight partnership with Google; in fact, many of Google's features look like spinoffs of what I imagine NSA is doing.
but then the Germans can sue Lucas for infringing on their trademark, Stormtrooper
Some guy named Lou Ftwaffa wanted me to install some plugins on my flight simulator.
You will have to apply for a job at that one company they hand all those shady contracts to. You know, the one the minister of interior is involved with.
Good news though: from what the CCC told us, they are really in need of some capable hackers.
Anti Virus are good at picking up malware that spread a lot.
But these trojans are supposed to be used in very limited cases, so there is little chance of any AV aiming to find them specifically (up until now that is).
Heuristics are supposed to handle such cases, but you can test your malware against those heuristics until you are good to go and if they don't know of you, they can't change heuristics to catch you.
In an interview the Sekret German Surveillance rep said: "Ve dont haf planz to releze a Linukz verson of SpyMaster 2000".
He cited multiple problems, including lack of support for MS Trojan APIs on non-Windows platforms. While there is [not] an emulator, called Bier, it is not powerful enough to support the full Trojan functionality suite.
Many Germans complained that this is the last reason that keeps them from switching to Linux. One of the interviewers complained: "They are using our Steuergeldern, there should be Chancengleichheit for all Trojans, not just Microsoft!"
A lady named Krystal Nacht insisted that I upgrade my shared libraries and clean up my registry, but when I did it, I found that my Windows was broken.
...the future crusty old bastards are already drinking the Kool-Aid.
Anti Virus are good at picking up malware that spread a lot. But these trojans are supposed to be used in very limited cases, so there is little chance of any AV aiming to find them specifically (up until now that is). Heuristics are supposed to handle such cases, but you can test your malware against those heuristics until you are good to go and if they don't know of you, they can't change heuristics to catch you.
RTFA.
Kaspersky stated that their AV had already detected this heuristically as a variation of the R2D2 Trojan and blocked it. They suggest installing a password in your AV to prevent anyone adding any malware to its exclusions list, as the installers had physical access to the computer to install it.