G Data shuts down Federal Trojan

Internet security specialist sheds light on the Chaos Computer Club’s discovery

10/14/2011 | London 

G Data is today announcing that its security solutions detect and shut down the Federal Trojan that was discovered and published by the Chaos Computer Club (CCC). In recent days, Europe has witnessed a fierce debate about the trojan, which certain German states used to spy on criminal suspects. G Data stands firm in its position that it does not agree with the use of trojans to spy on civilians. Experts from the G Data Security Labs do not currently expect this malware to spread in an uncontrolled manner.

"We have analysed the software referred to as the Federal Trojan and can confirm that it is detected by our security solutions. We can safely say that our customers are not in danger from this malware," says Ralf Benzmüller, Head of G Data Security Labs. However, as detailed descriptions of the Federal Trojan's internal workings were disclosed to the public over the weekend, criminals are now able to find infected computers and use the trojan's integrated upload function to plant their own malware on such a system.

According to our security experts, exact figures on how widely the new trojan has spread are difficult to come by. Based on the figures from our Malware Information Initiative after the weekend, we have no evidence to suggest that the Federal Trojan has spread very widely. All infections registered by G Data so far were stopped before the trojan could be saved or started, and no lookup for the sample released by the German hacker group Chaos Computer Club (CCC) has reached any of our cloud servers.

A Q&A with G Data's security experts regarding the Federal Trojan:

Q: Do G Data security products detect this trojan?
A: Yes. G Data products detect it as Backdoor.R2D2.a.

Q: What are the risks?
A: Apart from the fact that a lot of data can be collected and sent to a remote party, the trojan's upload function can be exploited by criminals to install and run other malware on the infected system.

Q: How is the recipient of the data affected?
A: The communication with the trojan's Command & Control (C&C) server is poorly secured. Because the server cannot verify who is really talking to it, all sorts of data can be sent to the C&C server under a fake address, so a third party can submit data that appears to originate from a monitored computer. All alleged evidence collected by the authorities in this way is therefore contestable.
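The following is an added illustration, not G Data's, the CCC's or the trojan's own code, and it does not reproduce the real R2D2 protocol. It models the weakness described in the last answer with a constructed toy "evidence collection" server: in one configuration the server trusts whatever source a report claims (the `agent` field stands in for the "fake address" in the answer above), in the other it requires an HMAC-SHA256 tag under a per-source key and a strictly increasing sequence number. The agent name, key, payloads and message format are all constructed for this example.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed illustration of why an unauthenticated collection channel makes
# the collected "evidence" contestable. Nothing here is the real trojan protocol.


def canonical(agent_id: str, seq: int, payload: dict) -> bytes:
    """Deterministic encoding of every field the tag must cover, so that
    changing the claimed source, the sequence number or the payload
    invalidates the tag."""
    return json.dumps(
        {"agent": agent_id, "seq": seq, "payload": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def make_report(agent_id: str, seq: int, payload: dict,
                key: Optional[bytes] = None) -> dict:
    """Build a report claiming to come from agent_id. With a key the report
    carries an HMAC-SHA256 tag; without one (a forger who only knows the
    message format) it carries no valid tag."""
    report = {"agent": agent_id, "seq": seq, "payload": payload}
    if key is not None:
        report["tag"] = hmac.new(key, canonical(agent_id, seq, payload),
                                 hashlib.sha256).hexdigest()
    return report


class EvidenceServer:
    """Toy collection server. agent_keys=None models the weak design:
    any report is accepted and attributed to whatever source it claims."""

    def __init__(self, agent_keys: Optional[Dict[str, bytes]] = None):
        self.agent_keys = agent_keys
        self.last_seq: Dict[str, int] = {}
        self.accepted: List[dict] = []

    def submit(self, report: dict) -> Tuple[bool, str]:
        agent = report["agent"]
        if self.agent_keys is None:
            # Weak design: the claimed source is taken at face value.
            self.accepted.append(report)
            return True, "accepted (source not verified)"
        key = self.agent_keys.get(agent)
        if key is None:
            return False, "unknown source"
        expected = hmac.new(key, canonical(agent, report["seq"], report["payload"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; a missing tag compares against "".
        if not hmac.compare_digest(expected, report.get("tag", "")):
            return False, "bad tag"
        # Reject replays of a previously accepted report for this source.
        if report["seq"] <= self.last_seq.get(agent, -1):
            return False, "replayed or stale sequence number"
        self.last_seq[agent] = report["seq"]
        self.accepted.append(report)
        return True, "accepted"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run one genuine report, one forgery under a fake source and one replay
    against both server configurations; returns each server's verdict."""
    key = b"constructed-per-agent-key-for-demo-only"  # constructed, not a real key
    genuine = make_report("suspect-pc", 1, {"screenshot": "constructed sample"}, key)
    forged = make_report("suspect-pc", 2, {"planted": "incriminating.txt"})  # no key
    replay = dict(genuine)

    weak = EvidenceServer()                         # trusts the claimed source
    strong = EvidenceServer({"suspect-pc": key})    # per-source key required
    return {
        "weak_accepts_forgery": weak.submit(forged),
        "strong_accepts_genuine": strong.submit(genuine),
        "strong_rejects_forgery": strong.submit(forged),
        "strong_rejects_replay": strong.submit(replay),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The weak server cannot distinguish the planted record from a real one, which is exactly why anything it collected is open to challenge. Note the caveat for the hardened version: a MAC only proves the report came from a holder of the key, so if the same key were embedded in every copy of the agent, anyone who extracted it from one binary could forge reports for all of them; the key has to be unique per installation and the channel additionally needs confidentiality and server authentication, which this toy deliberately leaves out.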


Harriet Lammie