
[Malware Review] Backdoor.R2D2.A a.k.a. "der Bundestrojaner"

Loredana BOTEZATU

October 11, 2011


Bundestrojaner, or the federal Trojan, has been extensively debated in the press for the past couple of days. It all started with an announcement over the weekend when Chaos Computer Club (CCC) said they found a backdoor Trojan allegedly used by the German government for “lawful interceptions”. Even though German spokespersons and ministers denied any involvement, the subject remains controversial.

Apart from the heated controversy surrounding Backdoor.R2D2.A, this e-threat is in fact a highly interesting piece of code. From a technical viewpoint, it deserves a closer look.

Identified by Bitdefender as Backdoor.R2D2.A, this Trojan only targets Windows systems, ranging from 2000 to Vista. The DLL file that it drops runs only if loaded by one of the following processes: Skype.exe, SkypePM.exe, explorer.exe, msnmsgr.exe, yahoomessenger.exe, x-lite.exe or sipgatexlite.exe. Notably, Backdoor.R2D2 behaves differently depending on the application that loads it.
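The process list above can drive a simple hunt over module-load telemetry. The following is an added example, not Bitdefender's code or the Trojan's own logic: it flags any unsigned DLL loaded into two or more of the listed host processes. The event format, the paths, the name `example_dropped.dll` and the assumption that the dropped DLL is unsigned are all constructed for illustration.

```python
from collections import defaultdict

# Host processes named in the article (compared case-insensitively).
TARGET_HOSTS = {
    "skype.exe", "skypepm.exe", "explorer.exe", "msnmsgr.exe",
    "yahoomessenger.exe", "x-lite.exe", "sipgatexlite.exe",
}

def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def hunt_shared_unsigned_dlls(events, min_hosts=2):
    """Map each unsigned DLL to the targeted host processes that loaded it.

    Only DLLs seen in at least `min_hosts` distinct targeted processes are
    returned, since one unsigned module in one process is common noise.
    """
    hosts_by_dll = defaultdict(set)
    for ev in events:
        host = basename(ev["process"])
        if host in TARGET_HOSTS and not ev["signed"]:
            hosts_by_dll[ev["module"].lower()].add(host)
    return {dll: sorted(hosts) for dll, hosts in hosts_by_dll.items()
            if len(hosts) >= min_hosts}

# Constructed sample events; paths and the DLL name are hypothetical.
SAMPLE_EVENTS = [
    {"process": r"C:\Windows\explorer.exe",
     "module": r"C:\Windows\System32\shell32.dll", "signed": True},
    {"process": r"C:\Windows\explorer.exe",
     "module": r"C:\Windows\System32\example_dropped.dll", "signed": False},
    {"process": r"C:\Program Files\Skype\Phone\Skype.exe",
     "module": r"C:\Windows\System32\example_dropped.dll", "signed": False},
    {"process": r"C:\Program Files\Skype\Phone\Skype.exe",
     "module": r"C:\Program Files\Skype\Phone\plugin_x.dll", "signed": False},
    {"process": r"C:\Windows\System32\notepad.exe",
     "module": r"C:\Windows\System32\example_dropped.dll", "signed": False},
]

if __name__ == "__main__":
    for dll, hosts in hunt_shared_unsigned_dlls(SAMPLE_EVENTS).items():
        print(f"{dll} loaded unsigned in: {', '.join(hosts)}")
```

A hit is a lead for triage rather than a verdict, because legitimate shell extensions and plug-ins can also load into several of these processes.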

The backdoor especially targets VoIP applications. It tracks and sends to the C&C server information regarding instant messenger discussions and conferences, answered or missed calls, written messages between two or more users, and oral conversations via Skype. So nothing remains a secret to this Trojan, as it catalogs everything: who the user speaks to, when and how long these conversations last, what messages the targeted person receives, and what calls he takes or rejects.

Furthermore, it monitors the user's online activities, keeping a close eye on popular Internet browsers such as Opera, Internet Explorer, Mozilla Firefox, Navigator, and Seamonkey. It also takes screenshots of the user's screen and sends them to a remote location which appears to be near Dusseldorf. And on top of it all, this spy master is capable of downloading and executing further malicious files.

Bitdefender yesterday released a new removal tool for the controversial Backdoor.R2D2.A that can be downloaded free of charge from here (32-bit or 64-bit).

This article is based on technical information provided courtesy of Doina Cosovan, Bitdefender Virus Analyst.
