The FBI’s latest cloak-and-dagger tool has attracted the attention of virus writers
The rumors surrounding the US Federal Bureau of Investigation’s development of its own Trojan program, Magic Lantern, have drawn interest from the computer underground. On December 10, it was discovered that a seventeen-year-old Argentinean hacker, going by the pseudonym “Agentlinux,” had developed a Trojan that poses as the widely advertised Magic Lantern.
We remind readers that in mid-November, MSNBC reported that the FBI had begun developing its latest spy program, which will allow the Bureau to discover and crack PGP-encoded messages sent by suspects under investigation. Magic Lantern is a classic keystroke-tracking bug: by logging a suspect’s keystrokes and transmitting them to a secret file, it could let FBI authorities decipher encoded files and messages containing supposed evidence.
The FBI has yet to comment on the Magic Lantern program, but, according to ZDNet (http://www.zdnet.com/zdnn/stories/comment/0,5859,2829781,00.html), two US-based anti-virus developers, McAfee and Symantec, have already decided not to include detection procedures for Magic Lantern in their databases, drawing varied reactions from users.
As previously mentioned, December 10 saw the appearance of a Trojan program that masquerades as Magic Lantern. “Malantern” (the Trojan’s given name) is a very simplistic malicious program written in Visual Basic. Upon startup, Malantern deletes files in the Windows temporary directory (C:\WINDOWS\TEMP) and all .SYS files in the Windows system drivers directory (C:\WINDOWS\SYSTEM\DRIVERS\).
“So far, we haven’t registered any reports of incidents caused by Malantern. However, it isn’t important that the program isn’t spreading. What is necessary to realize is that with the appearance of the official ‘Lantern,’ virus writers won’t wait long to release numerous clones,” commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. “In addition, the possibility that the original Trojan version could end up in the hands of hackers cannot be excluded. In this case, hackers could use Magic Lantern as a means to their own ends.”
For this reason, the refusal of anti-virus developers to include detection procedures for Magic Lantern could cause a large epidemic leading to unpredictable consequences.
At this time, Kaspersky Labs has not received any confirmation of Magic Lantern’s existence or of the FBI’s intention to develop such a program. We therefore view these rumors as what they are – just rumors without any basis in fact.
Defense procedures thwarting Malantern have already been added to the Kaspersky Anti-Virus database.
A more detailed description of this malicious program can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/viruslist.asp?id=4327&key=00001000120001800021).