wrench352
January 16th, 2004, 02:37 PM
I could have put this post in several threads but I felt it deserved a thread unto itself. After speaking with several forum members about Magic Lantern on the IRC, I found out not many forumites were aware of it. There is a good reason for this, as it's classified and secret. Not much is known about Magic Lantern, how it works or its origins. This much is known: it exists, and it is a keylogger trojan designed to steal passwords/pass phrases, thereby rendering encryption useless. It is possible it is either inserted via email or physically uploaded at the target computer. The end user has 90 days to collect data.
It can be assumed all domestically (US) made antivirus software and potentially anti-spyware have been compromised. According to zdnet:
So far, Symantec and Network Associates have said their software will not detect the presence of this FBI Trojan horse. It should be noted that antivirus products already exclude some files from their scans, though none are as powerful as Magic Lantern. No antivirus software vendors outside the U.S. have weighed in on this matter yet.
Only the European company Sophos has said they don't intend to exclude Magic Lantern. Other products of interest to us are Kaspersky and Panda Software, the latter of which curiously has an international and US edition. There is also an open source AV project which would seem best, however it's still in its infancy and needs further development.
http://www.openantivirus.org/projects.php
Further complicating things is the fact that the trojan is classified and publicized use is few and far between. The only publicized use I've seen has been the Little Nicky Scarfo case. I believe the trojan would have to be caught and quarantined in order for virus definitions to be made. If it was possible to catch the trojan, instead of curing the problem, it would be more profitable to alter it to work for its new master. Antivirus programs made outside the United States with advanced heuristics seem to be the answer.
There are also a multitude of anti-spyware programs available, including anti-keyloggers. From initial research each is hit or miss, and to be effective against current keyloggers, several would have to be run concurrently. So many are available, and their use against this particular trojan questionable, that I won't waste the space to name them specifically.
It has been brought to my attention that this:
http://www.kanguru.com/encryptor.html
This would prevent the trojan being physically uploaded even at boot. I am unfamiliar with the technology, however, and am not sure whether it would be effective against downloaded variations, attached to say email or in our case a tasty file on a P2P.
On an end note, I have tried several versions of Sophos AV I got off eMule. Each crashed my system and I was lucky to uninstall it.
Your Thoughts, Comments and Suggestions are more than welcome. Thank you.