German Hacker Club Uncovers Gov't-Sponsored In The Wild Malware
The CCC released its findings on its website as a 20-page PDF (in German), along with an accompanying post in English. In part, the CCC said the following:
"The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet.
"The trojan can … receive uploads of arbitrary programs from the Internet and execute them remotely. Activation of the computer’s hardware like microphone or camera can be used for room surveillance."
F-Secure, which analysed a sample of the trojan, stopped short of attributing it to the German government. F-Secure said: "We do not know who created this backdoor and what it was used for. We have no reason to suspect CCC's findings, but we can't confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.
"We have never before analysed a sample that has been suspected to be a governmental backdoor. We have also never been asked by any government to avoid detecting their backdoors." F-Secure's products detect the malware as Backdoor:W32/R2D2.A; the "R2D2" in that name comes from a string found inside the trojan: "C3PO-r2d2-POE."
There is a so-called "legal" Trojan, known in Germany as the "Bundestrojaner," or "federal Trojan" in English. If authorized by a court order, authorities may use it to intercept Skype-based calls on a suspect's computer. The program analysed by the CCC goes far beyond that: by the CCC's account it can receive and execute arbitrary programs and switch on the microphone or camera for room surveillance, capabilities well beyond intercepting calls.
F-Secure said it expected an official response from the German government, but none had been issued at the time of writing.