The FBI’s “Magic Lantern” Shines Bright Submitted by: Marylebone Media Relations Tuesday, 11 December 2001

The FBI’s latest cloak-and-dagger tool has attracted the attention of virus writers Cambridge UK, 11th December 2001 – The rumours surrounding the US Federal Bureau of Investigation’s developing of its own Trojan program, Magic Lantern, has drawn interest from the computer underground. On December 10, it was discovered that a seventeen-year-old Argentinean hacker, going by the pseudonym of “Agentlinux,” has developed a Trojan that poses as the widely advertised Magic Lantern. We remind readers that in mid-November, MSNBC reported that the FBI has begun developing its latest spy program that will allow the Bureau to discover and crack PGP encoded messages sent by suspects under investigation. Magic Lantern is a classic keystroke-tracking bug that FBI authorities, by logging a suspect’s keystrokes and transmitting them to a secret file, could use to decipher encoded files and messages containing supposed evidence. The FBI has yet to comment about the Magic Lantern program, but, according to ZDNet, two US-based anti-virus developers, McAfee and Symantec, have already decided not to include detection procedures for Magic Lantern in their databases, causing varying reactions amongst users. As previously mentioned, December 10 witnessed the appearance of a Trojan program that masks itself as Magic Lantern. “Malantern” (the Trojan’s given name) is a very simplistic malicious program written in Visual Basic. Upon start up, Malantern deletes files in the Windows temporary directory (C:WINDOWSTEMP) and all .SYS files in the Windows system drivers directory (C:WINDOWSSYSTEMDRIVERS). “So far, we haven’t registered any reports of incidents caused by Malantern. However, it isn’t important that the program isn’t spreading. What is necessary to realise is that with the appearance of the official ‘Lantern,’ virus writers won’t wait long to release numerous clones,” commented Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. “In addition, the possibility that the original Trojan version could end up in the hands of hackers cannot be excluded. In this case, hackers could use Magic Lantern as a means to their own ends.” For this reason, the refusal of anti-virus developers to include detection procedures for Magic Lantern could cause a large epidemic leading to unpredictable consequences. At this time, Kaspersky Lab has not received any confirmation about Magic Lantern’s existence or the FBI’s intention to develop such a program. In this case, we view these rumours as they are – just rumours without any basis in fact. Defence procedures thwarting Malantern have already been added to the Kaspersky Anti-Virus database. A more detailed description of this malicious program can be found in the Kaspersky Virus Encyclopaedia.

Page 1 About Kaspersky Lab Kaspersky Lab Int. is a fast growing privately owned data-security software development company with offices in Moscow (Russia), Cambridge (United Kingdom) and Pleasanton (United States). Founded in 1997, the company concentrates its efforts on the development of world-leading data-security technologies and software. The company's flagship software product is Kaspersky Anti-Virus that provides comprehensive virus protection for a wide spectrum of customers from home users to enterprise-wide networks (Windows, Linux, Unix, Novell NetWare, OS/2, MS Exchange Server, Lotus Notes/Domino, Sendmail, Qmail, Postfix, Exim, CVP-compatible firewalls, Web-servers). Kaspersky Labs markets, distributes and supports its software and services in more than 50 countries worldwide. Media Contacts Denis Zenkin Kaspersky Lab Phone: +7 (095) 797 87 00 E-mail: [email protected] WWW: http://www.kaspersky.com Media Contact for Kaspersky Lab Sara Claridge Marylebone Media Relations Tel: 01344 876558 Email: [email protected] Web Site: http://www.marylebone.co.uk

Page 2

Distributed via Press Release Wire (https://pressreleases.responsesource.com/) on behalf of Marylebone Media Relations

Copyright © 1999-2021 ResponseSource, The Johnson Building, 79 Hatton Garden, London, EC1N 8AW, UK e: [email protected] t: 020 3426 4051 f: 0345 370 7776 w: https://www.responsesource.com