G Data shuts down Federal Trojan
Internet security specialist sheds light on the Chaos Computer Club’s discovery
"We have analysed the software referred to as the Federal Trojan and can confirm that it is detected by our security solutions. We can safely say that our customers are not in danger from this malware," says Ralf Benzmüller, Head of G Data Security Labs. However, because detailed descriptions of the Federal Trojan's internal workings were disclosed to the public over the weekend, criminals are able to find infected computers and use the Trojan's integrated upload function to plant their own malware on a system.
According to our security experts, exact figures on how widely the new trojan has spread are difficult to come by. Based on the figures from our Malware Information Initiative after the weekend, we cannot find evidence to suggest the Federal Trojan has spread very widely. All infections registered by G Data so far have been stopped before the trojan could be saved or started; the sample released by the German hacker group Chaos Computer Club (CCC) has not been requested by any of our cloud servers.
A Q&A with G Data's security experts regarding the Federal Trojan:
Q: Do G Data security products detect this trojan?
A: Yes, it will be detected as Backdoor.R2D2.a
Q: What are the risks?
A: Apart from the fact that a lot of data can be collected and sent to a remote party, the trojan's upload function can be exploited by criminals to install and run other malware on the system.
Q: How is the recipient of the data affected?
A: The communication with the trojan's Command & Control Server is poorly secured. This makes it possible to send all sorts of data to the C&C server, using a fake address. All alleged evidence collected by the authorities is therefore contestable.