Detect Alleged German State-Sponsored Trojan On Your PC

Martin Brinkmann
Oct 10, 2011
Updated • Dec 16, 2014
Security, Windows software

I have monitored news about the alleged German state-sponsored trojan closely ever since the German Chaos Computer Club posted information about it online. While there is not a definitive proof that it is indeed malware designed and operated by German police forces, it is definitely something that computer users need to be aware of.

I do not want to get into too many details at this point in time and suggest you read the long post over at the club's website to get a better understanding of what it can and cannot do. A binary version of the program has been uploaded to the club's website as well.

Only that much. The so called Bundestrojaner (federal trojan) works in its detected form on 32-bit Windows operating systems. The trojan targets software used for communication. This includes Skype, ICQ or the MSN Messenger but also web browsers. It acts as a keylogger and contains functionality to download and execute code from remote locations. It can furthermore take screenshots, record audio and supports remote updating.

The core issue here is not that such a trojan exists as it was openly discussed in Germany, but that the trojan is capable of going beyond what the German Federal Constitutional Court allowed police forces to do with it.

While it appears to be more of a local German issue, it is not completely out of the question that the trojan was planted on computer systems of foreign nationals.

Security company Steganos has released a first version of the - German only - Anti-Bundestrojaner, a software to detect the trojan on 32-bit Windows systems. The software is free and portable, and can be downloaded from the Steganos website with a click on the Jetzt Herunterladen button. Update: The download is no longer available.

All that you need to do is to run the program and click on the Analyse starten... button in the interface. This starts the system scan.

steganos anti bundestrojaner

The security software scans the system and will display findings in the interface. It will scan the system for drivers and libraries, and try to make a connection to the remote servers of the trojan. A red icon in front of a line followed by the word Kritisch (critical) means that it has detected a file belonging to the trojan.

If that is the case a popup will be displayed prompting the user to either selected Ja (yes) to delete the identified files or Nein (no) to leave them on the system.

If you select yes you are asked to reboot the system after the deletion completes. Select ja to reboot right away or nein to reboot at a later time.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Berttie said on October 10, 2011 at 10:50 pm

    So the Bundestrojaner is 32 bit only? Memo to Deutsch gauner (crooks): Use 64-bit Windows (or, presumably, Linux or Mac OS X).

    1. Martin Brinkmann said on October 10, 2011 at 11:56 pm

      Well the version that was discovered – or leaked – was 32-bit only.

  2. Dean said on October 10, 2011 at 6:09 pm

    Ah right – ain’t got one; just must have got the fields mixed up and put Dean in the website (Looks like it’s defaulted that to


  3. Dean said on October 10, 2011 at 6:06 pm

    I take it there is no way to edit past comments?

    Just realised I put my name in the website bit and it’s linking to someone who isn’t me! lol

    1. Martin Brinkmann said on October 10, 2011 at 6:08 pm

      No editing, what’s your website?

  4. Anonymous said on October 10, 2011 at 5:06 pm

    This is the one that shows if it *doesn’t* find anything – it translates as “There is no evidence for the existence of the Federal Trojan has been detected on your system!”

    1. Martin Brinkmann said on October 10, 2011 at 5:45 pm

      Thanks for posting, good addition.

  5. Paul(us) said on October 10, 2011 at 3:43 pm

    Good articel, I am woundering when the first German sniffer is found in a outher country.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.