Detect Alleged German State-Sponsored Trojan On Your PC
I have monitored news about the alleged German state-sponsored trojan closely ever since the German Chaos Computer Club posted information about it online. While there is not a definitive proof that it is indeed malware designed and operated by German police forces, it is definitely something that computer users need to be aware of.
I do not want to get into too many details at this point in time and suggest you read the long post over at the club's website to get a better understanding of what it can and cannot do. A binary version of the program has been uploaded to the club's website as well.
Only that much. The so called Bundestrojaner (federal trojan) works in its detected form on 32-bit Windows operating systems. The trojan targets software used for communication. This includes Skype, ICQ or the MSN Messenger but also web browsers. It acts as a keylogger and contains functionality to download and execute code from remote locations. It can furthermore take screenshots, record audio and supports remote updating.
The core issue here is not that such a trojan exists as it was openly discussed in Germany, but that the trojan is capable of going beyond what the German Federal Constitutional Court allowed police forces to do with it.
While it appears to be more of a local German issue, it is not completely out of the question that the trojan was planted on computer systems of foreign nationals.
Security company Steganos has released a first version of the - German only - Anti-Bundestrojaner, a software to detect the trojan on 32-bit Windows systems. The software is free and portable, and can be downloaded from the Steganos website with a click on the Jetzt Herunterladen button. Update: The download is no longer available.
All that you need to do is to run the program and click on the Analyse starten... button in the interface. This starts the system scan.
The security software scans the system and will display findings in the interface. It will scan the system for drivers and libraries, and try to make a connection to the remote servers of the trojan. A red icon in front of a line followed by the word Kritisch (critical) means that it has detected a file belonging to the trojan.
If that is the case a popup will be displayed prompting the user to either selected Ja (yes) to delete the identified files or Nein (no) to leave them on the system.
If you select yes you are asked to reboot the system after the deletion completes. Select ja to reboot right away or nein to reboot at a later time.Advertisement