Monday, October 10, 2011

Possible Governmental Backdoor found ("case R2D2")


The announcment was made public on with a detailed 20-page analysis of the functionality of the malware. Download the report in PDF (in German)

The malware in question is a Windows backdoor consisting of a DLL and a kernel driver.

The backdoor includes a keylogger that targets certain applications. These applications include Firefox, Skype, MSN Messenger, ICQ and others.

The backdoor also contains code intended to take screenshots and record audio, including recording Skype calls.

In addition, the backdoor can be remotely updated. Servers that it connects to include and

We do not know who created this backdoor and what it was used for.

We have no reason to suspect CCC's findings, but we can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.

Our generic policy on detecting governmental backdoors or "lawful interception" police trojans can be read here.

We have never before analysed a sample that has been suspected to be governmental backdoor. We have also never been asked by any government to avoid detecting their backdoors.

Having said that, we detect this backdoor as Backdoor:W32/R2D2.A

Read more: F-Secure
QR: 00002249.html

Posted via email from Jasper-Net