Previous message: "Symantec, McAfee backpedal furiously on espionage enabled-software"
http://www.politechbot.com/p-02914.html

**********

Date: Tue, 11 Dec 2001 12:21:49 -0800 (PST)
From: Annalee Newitz <brainsploitationat_private>
Subject: symantec's new position
To: declanat_private

(you can post this if you like)

--- Declan McCullagh <declanat_private> wrote:
> We've now heard contradictory reports from both
> Symantec and McAfee, though
> I'm inclined to believe McAfee's public,
> on-the-record statements.

Declan,

I've been interviewing "spokespeople" from Symantec (they don't like to give out their real names) about this issue for the past couple of weeks. I finally got one to go on record saying very specifically that "if a Symantec customer located a copy of the Magic Lantern trojan horse virus and gave us a copy, we would be obliged to filter for it with our anti-virus software." In other words, their new public position is that they will actively block FBI-authored viruses. Interesting, no?

Annalee

=====
Annalee Newitz
tech * pop * sex
415.487.2559 - cell: 415.378.4498
www.techsploitation.com

**********

From: Adrian Alcock <adrian_alcockat_private>
To: "'declanat_private'" <declanat_private>
Subject: RE: Symantec, McAfee backpedal furiously on espionage enabled-software
Date: Wed, 12 Dec 2001 10:30:21 +1100

Hi Declan.

"Despite subsequent reports to the contrary, officials at Symantec Corp. (Nasdaq:SYMC - news) and Network Associates Inc. (Nasdaq:NETA - news) said they had no intention of voluntarily modifying their products to satisfy the FBI. Spokesmen at two other computer security companies, Japan-based Trend Micro Inc."

They probably wouldn't have to modify their product to suit the FBI. I don't use either Symantec's or NA's software, but I know that a Sophos installation requires extra files (called "virus identity files") for each new virus to be protected against.
Assuming that the same applies to McAfee and Norton, then we would be concerned if they didn't alter their product to identify the FBI's snoopware as it means they are doing nothing to identify, let alone act on the threat.

Adrian

**********

From: Nomen Nescio <nobodyat_private>
Comments: This message did not originate from the Sender address above. It was remailed automatically by anonymizing remailer software. Please report problems or inappropriate use to the remailer administrator at <abuseat_private>.
To: declanat_private
Subject: Re: FC: Symantec, McAfee backpedal furiously on espionage enabled-software

You may be interested in the statement on Magic Lantern issued by Moscow-based anti-virus maker Kaspersky:

Subject: [Kaspersky Labs Press Release] The FBI's "Magic Lantern" Shines Bright
Date: Tue, 11 Dec 2001 15:53:09 +0300
From: Denis Zenkin <denisat_private>

December 11, 2001

The FBI's "Magic Lantern" Shines Bright

The FBI's latest cloak-and-dagger tool has attracted the attention of virus writers

The rumors surrounding the US Federal Bureau of Investigation's developing of its own Trojan program, Magic Lantern, have drawn interest from the computer underground. On December 10, it was discovered that a seventeen-year-old Argentinean hacker, going by the pseudonym of "Agentlinux," has developed a Trojan that poses as the widely advertised Magic Lantern.

We remind readers that in mid-November, MSNBC reported that the FBI has begun developing its latest spy program that will allow the Bureau to discover and crack PGP encoded messages sent by suspects under investigation. Magic Lantern is a classic keystroke-tracking bug that FBI authorities, by logging a suspect's keystrokes and transmitting them to a secret file, could use to decipher encoded files and messages containing supposed evidence.
The FBI has yet to comment about the Magic Lantern program, but, according to ZDNet (http://www.zdnet.com/zdnn/stories/comment/0,5859,2829781,00.html), two US-based anti-virus developers, McAfee and Symantec, have already decided not to include detection procedures for Magic Lantern in their databases, causing varying reactions amongst users.

As previously mentioned, December 10 witnessed the appearance of a Trojan program that masks itself as Magic Lantern. "Malantern" (the Trojan's given name) is a very simplistic malicious program written in Visual Basic. Upon start up, Malantern deletes files in the Windows temporary directory (C:\WINDOWS\TEMP) and all .SYS files in the Windows system drivers directory (C:\WINDOWS\SYSTEM\DRIVERS\).

"So far, we haven't registered any reports of incidents caused by Malantern. However, it isn't important that the program isn't spreading. What is necessary to realize is that with the appearance of the official 'Lantern,' virus writers won't wait long to release numerous clones," commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. "In addition, the possibility that the original Trojan version could end up in the hands of hackers cannot be excluded. In this case, hackers could use Magic Lantern as a means to their own ends."

For this reason, the refusal of anti-virus developers to include detection procedures for Magic Lantern could cause a large epidemic leading to unpredictable consequences.

At this time, Kaspersky Labs has not received any confirmation about Magic Lantern's existence or the FBI's intention to develop such a program. In this case, we view these rumors as they are just rumors without any basis in fact.

Defense procedures thwarting Malantern have already been added to the Kaspersky Anti-Virus database. A more detailed description of this malicious program can be found in the Kaspersky Virus Encyclopedia (http://www.viruslist.com/eng/viruslist.asp?id=4327&key=00001000120001800021).

Best Regards,

Denis Zenkin
Head of Corporate Communications
Kaspersky Lab Ltd
10, Geroyev Panfilovtsev St, Moscow, 123363, Russia
Tel.: +7 095 948 56 50; Fax: +7 095 948 43 31; Mobile: +7 095 798 98 76
E-mail: denisat_private; http://www.kaspersky.com; http://www.viruslist.com

**********

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 16:00:19 PST