[108151] in Cypherpunks
"PGP key stealing virus Caligula" available for download at
daemon@ATHENA.MIT.EDU (Ken Williams)
Sat Feb 6 16:42:58 1999
Date: Sat, 6 Feb 1999 16:27:02 -0500 (EST)
From: Ken Williams <jkwilli2@unity.ncsu.edu>
To: White House Intern Legal Counsel Mailing List <cypherpunks@toad.com>
In-Reply-To: <000501be5208$d5d19210$0102a8c0@lois.WORKGROUP>
Reply-To: Ken Williams <jkwilli2@unity.ncsu.edu>
"PGP key stealing virus Caligula" is available for download on the
codebreakers site now -
http://www.codebreakers.org/our_viruses.htm#virus-caligula
-----from the web site-----
WM97.Caligula.A
"Virus Attacks:
Espionage enabled viruses. Designed to collect/steal information.
May be vertically targeted or horizontally deployed.
There's a bright future for "espionage enabled" viruses. Consider a
virus that spreads only to machines that have a copy of PGP.
Countermeasures:
Use virus checking software"
-Quoted from: Practical Attacks on PGP by Joel McNamara
Challenge accepted, Joel! May I present:
Virus Name: WM97/Caligula
Author: Opic [CodeBreakers]
Date: 1998
Info: Caligula is a Stealth WM97 SR1(2)-compatible virus.
It is unique in the manner that it is one of the first
espionage enabled viruses (i.e., steals information).
Caligula steals PGP Secret Keyrings from infected users
and uploads them onto the internet. More specifically
it uploads them to: CodeBreakers.Org
The virus spreads to users regardless of whether they own PGP
or not (Joel doesn't know much about propagation techniques),
but it will only upload the infected user's key once (to
avoid uploading multiple copies of the key). Caligula places
a marker in the Windows registry to signal the PGP theft has
been successful. On the 31st of the month Caligula displays
a messagebox which reads:
WM97/Caligula (c)Opic [CodeBreakers 1998]
"No cia,"
"No nsa,"
"No satellite,"
"Could map our veins."
and the following properties are also given to infected
documents:
Author: Opic
Title: WM97/Caligula Infection
Subject: A Study In Espionage Enabled Viruses.
Comments: The Best Security Is Knowing The Other Guy Hasn't Got Any.
Keywords: | Caligula | Opic | CodeBreakers |
http://members.tripod.com/~opiccb/index.htm
http://www.internetnews.com/prod-news/article/0,1087,9_64191,00.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2202965,00.html
http://www.geocities.com/SiliconValley/Heights/3652/CALIG.HTM
http://members.tripod.com/~opiccb/newsradio.zip
-----
Ken Williams
jkwilli2@csc.ncsu.edu
Packet Storm Security http://packetstorm.genocide2600.com/
Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org
PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/
E.H.A.P. VP & Head of Operations http://www.ehap.org/ tattooman@ehap.org
NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2@csc.ncsu.edu
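The post lists the strings Caligula writes into infected documents (the Title, Subject, Comments and Keywords properties, and the message-box text). As an added example that is not part of the original post or of anything published by CodeBreakers, here is a small static scanner that uses exactly those strings as indicators. The marker strings are the ones quoted above; the OLE2 magic check, the two-marker threshold, the constructed sample blobs and all function names are my own assumptions. The edge case it handles is the one this very e-mail demonstrates: plain text that merely quotes the markers should be reported as a mention, not as an infected document.

```python
# Added example: signature scan for the WM97/Caligula document markers quoted
# in the post. Not code from the post, from Opic or from CodeBreakers.
# Assumptions (mine): OLE2-magic check, MIN_MARKERS threshold, sample blobs.

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header used by Word 97 .doc

# Strings the post says Caligula puts into infected documents and its message box.
MARKERS = {
    "title": "WM97/Caligula Infection",
    "subject": "A Study In Espionage Enabled Viruses.",
    "comments": "The Best Security Is Knowing The Other Guy Hasn't Got Any.",
    "keywords": "| Caligula | Opic | CodeBreakers |",
    "msgbox": "(c)Opic [CodeBreakers 1998]",
}

MIN_MARKERS = 2  # assumption: a single hit is too weak to call a file infected


def find_markers(data: bytes) -> list[str]:
    """Return the names of the Caligula marker strings present in data.

    Each marker is searched in two encodings, because Word 97 stores
    property strings either in the document code page (single-byte) or
    as UTF-16LE. bytes.lower() folds ASCII letters only, which also folds
    the low byte of UTF-16LE ASCII characters, so lowering both haystack
    and needle gives a case-insensitive match without decoding the file.
    """
    hay = data.lower()
    hits = []
    for name, text in MARKERS.items():
        needle = text.lower()
        if needle.encode("latin-1") in hay or needle.encode("utf-16-le") in hay:
            hits.append(name)
    return hits


def scan(data: bytes) -> dict:
    """Classify a blob as likely-infected, mentions-caligula or clean.

    A document is only called infected if it is a compound file AND carries
    at least MIN_MARKERS marker strings; text that quotes the markers (mail
    archives, AV write-ups, this post) is reported as a mention instead.
    """
    hits = find_markers(data)
    is_ole2 = data.startswith(OLE2_MAGIC)
    if is_ole2 and len(hits) >= MIN_MARKERS:
        verdict = "likely-infected"
    elif hits:
        verdict = "mentions-caligula"
    else:
        verdict = "clean"
    return {"is_ole2": is_ole2, "markers": hits, "verdict": verdict}


def _ole2_blob(*fragments: bytes) -> bytes:
    # Constructed stand-in for a .doc: real header magic followed by property
    # strings as Word would embed them. Not a valid compound file (assumption).
    return OLE2_MAGIC + b"\x00" * 24 + b"\x00".join(fragments)


# Constructed samples (not real files).
INFECTED_DOC = _ole2_blob(
    "WM97/Caligula Infection".encode("utf-16-le"),   # Title, UTF-16LE
    b"| Caligula | Opic | CodeBreakers |",            # Keywords, 8-bit
)
CLEAN_DOC = _ole2_blob(b"Quarterly report", b"Finance")
MAIL_TEXT = (b"Title: WM97/Caligula Infection\n"
             b"Subject: A Study In Espionage Enabled Viruses.\n")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, scan(f.read()))
    else:
        for name, blob in (("INFECTED_DOC", INFECTED_DOC),
                           ("CLEAN_DOC", CLEAN_DOC),
                           ("MAIL_TEXT", MAIL_TEXT)):
            print(name, scan(blob)["verdict"])
```

Run it with one or more .doc paths to scan files, or with no arguments to see the three constructed samples classified. The two-encoding search is the part worth keeping: a scanner that only looks for the 8-bit form will miss the same Title string stored as UTF-16LE.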