[Malware Review] Backdoor.R2D2.A a.k.a. "der Bundestrojaner"
Bundestrojaner, or the federal Trojan, has been extensively debated in the press for the past couple of days. It all started with an announcement over the weekend when Chaos Computer Club (CCC) said they found a backdoor Trojan allegedly used by the German government for “lawful interceptions”. Even though German spokespersons and ministers denied any involvement, the subject remains controversial.
Apart from the flaming context surrounding Backdoor.R2D2.A, this e-threat is in fact a highly interesting piece of code. From a technical viewpoint, it deserves a closer look.
Identified by Bitdefender as Backdoor.R2D2.A, this Trojan only targets Windows systems, from Windows 2000 through Vista. The DLL file that it drops runs only if loaded by one of the following processes: Skype.exe, SkypePM.exe, explorer.exe, msnmsgr.exe, yahoomessenger.exe, x-lite.exe or sipgatexlite.exe. Notable here is the fact that Backdoor.R2D2 behaves differently according to the application loading it.
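Because the dropped DLL only activates inside the host processes listed above, a straightforward detection angle is to watch module-load events for those processes and report any DLL mapped from an unexpected location. The script below is an added example written for this review, not code from Bitdefender or from the analysis; the event format, the list of "trusted" directories and the sample events are constructed assumptions, and the file paths in the samples are invented placeholders rather than indicators from the write-up.

```python
"""Flag DLL loads into the host processes named in the R2D2 write-up.

Added example for this review. The event record, the trusted-directory
rule and the sample events are assumptions, not part of the original analysis.
"""
from dataclasses import dataclass
import ntpath

# Host processes named in the write-up; matched case-insensitively on the
# image name, so a full path to the executable is also accepted.
WATCHED_HOSTS = {
    "skype.exe", "skypepm.exe", "explorer.exe", "msnmsgr.exe",
    "yahoomessenger.exe", "x-lite.exe", "sipgatexlite.exe",
}

# Assumption: DLLs mapped from these directory prefixes are treated as
# expected; anything else loaded into a watched host is reported.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class ModuleLoad:
    """One module-load event (assumed shape: pid, loading image, module path)."""
    pid: int
    process: str   # image name or full path of the loading process
    module: str    # full path of the DLL that was mapped


def _normalize(path: str) -> str:
    # Windows paths are case-insensitive; also accept forward slashes.
    return path.replace("/", "\\").lower()


def is_watched_host(process: str) -> bool:
    """True when the loading process is one of the hosts the DLL requires."""
    return ntpath.basename(_normalize(process)) in WATCHED_HOSTS


def is_trusted_path(module: str) -> bool:
    """True when the module sits under one of the assumed trusted directories."""
    return _normalize(module).startswith(TRUSTED_PREFIXES)


def flag_suspicious_loads(events):
    """Return the events where a watched host mapped a DLL from outside the trusted directories."""
    return [
        e for e in events
        if is_watched_host(e.process)
        and _normalize(e.module).endswith(".dll")
        and not is_trusted_path(e.module)
    ]


# Constructed sample events; the paths are placeholders, not real IoCs.
SAMPLE_EVENTS = [
    ModuleLoad(1204, "Skype.exe", "C:\\Windows\\System32\\ws2_32.dll"),
    ModuleLoad(1204, "Skype.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\placeholder.dll"),
    ModuleLoad(3320, "notepad.exe", "C:\\Users\\alice\\AppData\\Local\\Temp\\placeholder.dll"),
    ModuleLoad(812, "explorer.exe", "C:\\ProgramData\\placeholder_dropped.dll"),
    ModuleLoad(2290, "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe",
               "C:\\Program Files\\Yahoo!\\Messenger\\yui.dll"),
]


if __name__ == "__main__":
    for hit in flag_suspicious_loads(SAMPLE_EVENTS):
        print(f"pid {hit.pid}: {hit.process} loaded {hit.module}")
```

In the constructed sample, only the Temp-directory load into Skype.exe and the ProgramData load into explorer.exe are reported; the same Temp DLL loaded by notepad.exe is ignored because notepad is not one of the hosts the Trojan requires, and the Yahoo Messenger load is ignored because it comes from a trusted directory. The trusted-prefix rule is deliberately coarse: in a real deployment it would be replaced or supplemented by signature checks on the module, since a malicious DLL dropped into a system directory would pass a path-only filter.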
The backdoor especially targets VoIP applications. It tracks and sends to the C&C server information regarding instant messenger discussions and conferences, answered or missed calls, written messages between two or more users, and oral conversations via Skype. So nothing remains a secret to this Trojan, as it catalogs everything: who the user speaks to, when and how long these conversations last, what messages the targeted person receives, and what calls he takes or rejects.
Furthermore, it monitors the user's online activities, keeping a close eye on popular Internet browsers such as Opera, Internet Explorer, Mozilla Firefox, Navigator, and Seamonkey. It also takes screenshots of the user's screen and sends them to a remote location which appears to be near Dusseldorf. And on top of it all, this spy master is capable of downloading and executing further malicious files.
This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.