[ISN] Trojan vendor dishes the Dirt

From: InfoSec News (isnat_private)
Date: Fri Jun 08 2001 - 00:08:07 PDT

  • Next message: InfoSec News: "[ISN] European 'safer Internet' site hit by hackers"

    By James Middleton 
    07 Jun 2001
    Codex Data Systems, marketers of the controversial Dirt Trojan, has
    rubbished claims that the product does not actually exist. Eddie
    James, vice president of Codex, told vnunet.com: "Dirt has been
    available since 1998. It is in use by a number of law enforcement
    James also claimed that organisations such as Nato and the Hi-tech
    Crime Investigators Association have expressed interest in the
    "The only reason it is of interest now is because someone got hold of
    a marketing presentation that was not for public disclosure. In fact,
    the product's existence was not meant to be public knowledge," he
    said, adding that "if we find that person we will file a criminal
    complaint through the Secret Service".
    James said that he would "love to demonstrate the tool", but since
    vnunet.com is not an officially recognised law enforcement agency, he
    could not.
    The reputation of Codex has been called into question after it was
    revealed by UK news website theregister that company chief executive
    Frank Jones is a convicted felon and known fraudster currently on
    probation for illegal possession of surveillance devices.
    James was forced to acknowledge that the only reason Dirt is
    undetectable by antivirus software is because no antivirus company has
    ever seen it, and that it could only be used as a "last resort" tool
    after obtaining a court order.
    As for the ability to bypass firewalls, done by killing the process in
    the operating system, there is no explanation as to how it attacks the
    firewall in the first place.
    However, Paul Rogers, network security analyst at MIS, who has met the
    company, said he was very impressed with the standard of keyloggers
    Codex offered, but as he had not seen Dirt in action, he remained
    The rumours have also been fuelled by newsgroup postings from people
    claiming to have seen demonstrations of Dirt. One such posting on the
    Cypherpunk Hyperarchive said that Dirt it is "not much more than
    BackOrifice, NetBus, VNC or PC Anywhere, for that matter".
    "It has a bit more capability than some of those, in that it will act
    as something similar to an FTP server and a keystroke capture tool.
    But any programmer with 2nd year C programming and a Win32 compiler
    can download VNC and add stuff to it to do the same thing," it added.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Fri Jun 08 2001 - 02:51:53 PDT