Under German law, the police are allowed to use spyware to snoop on suspected criminals – but only under strict guidelines. The spyware must not alter any code on the suspect’s computer and safeguards must be put in place to prevent the Trojan being subverted to include additional functionality.
The Chaos Computer Club (CCC) has announced the discovery of a backdoor Trojan horse that is capable of spying on online activity such as recording Skype conversations and monitoring online behaviour. The CCC implies that the malware was created for, and is being used by, German law enforcement authorities such as the BKA and LKA.
Sophos’s analysis of the malware confirms that it has the following functionality:
* The Trojan can eavesdrop on several communication applications - including Skype, MSN Messenger and Yahoo Messenger
* The Trojan can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey
* The Trojan can take JPEG screenshots of what appears on users' screens and record Skype audio calls
* The Trojan attempts to communicate with a remote website
“While it’s not possible to *prove* who authored the malware, it’s beginning to look more and more likely that the German authorities were involved,” said Graham Cluley, senior technology consultant at Sophos. “The malware targets Windows computers and to become infected, you typically might receive an email containing an attached file, or a link to the web which would then infect the computer. SophosLabs detects all malware that we know about – regardless of who the author might be. So whether this malware is state-sponsored or not, we’ve added protection against this attack.”