Rainbow Network Cambridge
World Peace Pages

Current internet virus may lead to Government logging web browsing
created: 11 Dec '01 - update: 1 Jan '02

Summary of this page:
Badtrans is the name of the virus that is making the rounds currently and grinding email servers to a halt worldwide. There is much speculation by respectable theorists that this may be the much-talked about keylogging virus the FBI is threatening to release on the public known by the name Magic Lantern. There are three scenarios within possibility which would explain the origin of the Badtrans virus.
Magic Lantern is a key-logging program, designed to intercept passwords and outgoing emails from the user's machine.

Some examples of current virii: "W32.Badtrans.B" Computer Virus (Worm), "Goner" worm, sircam.worm "TROJ_SIRCAM.A".

Please be suspicious about the political impact of this possible technical development (remember George Orwell's '1984')

- - - rainbow line - - -


CyberWar Update #2 of November 30th, 2001, assembled by Mark Hopkins

There are two major fronts opening up in the Cyber War, largely being ignored by the major media. Computer security groups are noting the vast influx of email-propelled virii. The other front largely ignored is the clash in the surveillance policies and programs between the FBI and the CIA, reported only by Charles R. Smith of Newsmax.com news service.

Virus Invasion

Badtrans is the name of the virus that is making the rounds currently and grinding email servers to a halt worldwide. There is much speculation by respectable theorists that this may be the much-talked about keylogging virus the FBI is threatening to release on the public known by the name Magic Lantern. Operationally, it fits the profile, logging keystrokes to a temp-file and when the temp-file reaches a certain size, mailing the log file to a pre-specified recipient. The Badtrans virus has had a couple of modifications made to it over the last couple of weeks, making its transmission and operations smoother, and therefore more infectious and effective; however it is reported that most commercially available anti-virus software still picks it up prior to infection.

The new version of the Badtrans virus activates embedded HTML in the email and automatically informs Microsoft email programs to activate the attached virus program. The virus also appears to activate the MP3 player.

There are three scenarios within possibility which would explain the origin of the Badtrans virus. The first, most obvious, and most widely accepted is that it is a simple keylogging virus put out by a random hacker to get users' usernames and passwords. The second theory is more of an addendum to the first, in that it's a virus put out by a random hacker at this time to try to create a buzz and make it look as if the FBI is targeting certain groups or demographics (this theory has been posited by many members of the OSINT group RMNews). The third theory is that this is in fact the second iteration of the Magic Lantern keylogger.

The first theory is supported by the simple fact that this sort of thing comes out on a fairly regular basis, and to assume that this virus is any different than the last 15 that have come out is pure conjecture -- at least at first glance. The third theory is supported by the plethora of news releases that has accompanied the virus's release that tell of the FBI's Magic Lantern keylogger's inner workings. The operations are very similar in description, and a mass release through worm form is an effective means of distribution, even though the preferred method of delivery is reportedly the newly allowed ''sneak and peek'' method -- however, distribution through an email virus does seem to be a bit unconventional, a bit of a kludge-type attack. Granted, the FBI's technology teams have proven somewhat clueless as to implementation of internet technologies in the past, but this tends to lack the type of precision the FBI needs, and seems like it could lead to the type of legal trouble the FBI could ill-afford.

All of this lends the most credence to the second theory, that it is most likely being used as an Infowar tool, to make individuals feel as if they are being singled out by the FBI or other government agencies since most virus detection systems alert the user of it and mention its purpose. It may have originally started out as the tool mentioned in theory one, but it has quickly become the tool mentioned in theory two.

FBI vs. CIA in Cyberspace

Most people who are in the intelligence community and those who follow it recognize that there was a vast intelligence failure that led up to the Sept 11 attacks.

The FBI and CIA, the two agencies charged with law enforcement and intelligence operations, have taken the most heat for the failure. Both agencies had few areas of cooperation prior to Sept. 11. As it turns out the FBI and CIA have suddenly found themselves in diametrically opposed roles inside cyberspace.

Below is a list of tools that would aid US Federal law

FBI tools:

Carnivore ( http://www.fbi.gov/hq/lab/carnivore/carnlrgmap.htm) The way Carnivore works, according to the diagrams and explanations on the FBI website, is to trap all data going through a certain point, make a copy and send it back to a centralized point. The FBI is then able to sift through it using keyword searches.

Some time last year the FBI was forced by privacy advocates such as the ACLU and the EFF to reveal that it had a new software program called Carnivore designed to monitor Internet e-mail. The way the Carnivore system operates is not on home personal computers, or the client side, but on Internet Service Provider computers, or the server side. This allows the agency to siphon off data from suspected customers.

It is used only for looking through email, according to its description, *however* from its description, it is also capable of sifting through web traffic. (remember that)

Magic Lantern
There is no official documentation on Magic Lantern on the FBI's website, but open source intelligence resources describe its operation and implementation as such:

It is to be spread either through an agent manually infecting the machine by inserting an infected disk or downloading the infection, or through targeted email virus infections. (i.e., opening an email, and a hidden virus is installed on the victim's machine without his knowledge by way of many security holes in email software).

It is a key-logging program, designed to intercept passwords and outgoing emails from the user's machine. It cannot log mouse clicks, however, which is its only weakness. (i.e., if a user has encryption software installed, and has the password stored locally, it can be activated by mouse clicks instead of a password being typed in, thus defeating the keylogging method).

Developed jointly by Ocean Systems Co. of Burtonsville Md. (did the software side) and Avid Technology Inc. (hardware side). Its purpose is to trace the financial transactions linked to Sept's terrorist attacks against New York and Washington by enhancing ATM video surveillance images that were previously unusable due to bad lighting and such.

Deleted file recovery tool. Used in cases where the suspect has clean sweep deleted the hard drive of data.

CIA tools:

Triangle Boy/SafeWeb
Its original intent was to allow Asian surfers (primarily Chinese) to surf the web without government interference. It allowed them to bypass governmental blockage of websites and to do so anonymously (at least to governments other than the United States).

Technically, this tool sponsored by the CIA could be used as an aid to hackers, as well as those hiding from governments and companies who filter what their users are able to see.

It could also be used as a device to in some way circumvent the FBI from positively tracking down the author of a message. Imagine if a terrorist sets up an account on Hotmail, but uses Triangle Boy to access it. The FBI would be able to determine what the content was, but would be unable to find the user by way of IP tracking. Nor would the FBI know what computer to put Magic Lantern on in case the user was employing a method of encryption, which would prevent the FBI from even seeing the content of the messages as well.

Custom-written software scours foreign Web sites and displays information in English back to analysts. The program already understands at least nine languages, including Russian, French and Japanese. Not a remarkable piece of software; the same results that this software produces can be accomplished by combining the power of Digital's babelfish project with Google's search engine software.

Essentially a European Carnivore, not officially acknowledged by the US government. [read more about Echelon]

Technology that listens to worldwide television and radio broadcasts and transcribes detailed reports for analysts. Oasis currently misinterprets about one in every five words and has difficulty recognizing colloquial Arabic, but the system is improving, said Larry Fairchild, head of the CIA's year-old Office of Advanced Information Technology.

Conflicting tools:

The tool conflict between the CIA and the FBI is between the CIA's Triangle Boy utility and the FBI's Magic Lantern and Carnivore snooping utilities. Essentially, by using the Triangle Boy web proxy utility or any other commercially available approximation thereof while simultaneously running any number of publicly available different 128-bit encryption routines, you can effectively and completely block yourself off from any FBI monitoring.

What Triangle Boy allows you to do is anonymously surf the web. There are a couple of public projects on the internet that approximate what Triangle Boy does, such as its predecessor Anonymizer.com, probably the web's first public anonymous proxy server. By using this or a similar service to log on to a public, free email server, you have prevented the email server from logging your IP address, or in other words, a number that can be linked to your person.

To completely make your message unintelligible and unbreakable to the US Federal government, use 128-bit or better encryption methods, preferably the RC5 standard. Distributed.net has been working with a brute force hack of the RC5 encryption routine (64-bit encryption) since 1998 using thousands of computers simultaneously on the project and estimates they have a year left until they break the code. From this one can safely assume that by the time the government is able to break your message at 128-bits, the usefulness of the contents of the message will long past be viable, not to mention most statutes of limitation will have expired in the process.

Vulnerabilities in the Magic Lantern Keylogger

The Magic Lantern keylogger not only is ineffective in accomplishing its purpose by virtue of the CIA's and the private sector's privacy tools, it also could backfire on the federal government. Any technically savvy hacker could quite easily reverse engineer the product to either hack into the repository for the keylogged files or re-distribute the virus as an agent to gather his own data, especially if the government strikes deals with anti-virus makers to make the utility unnoticed by their detection software.

Brooks Isoldi, editor - bisoldi@intellnet.org - www.intellnet.org

- - - rainbow line - - -


Latest Virus Alerts

"W32.Badtrans.B" Computer Virus (Worm)

W32.Badtrans.B@mm: Discovered on: November 24, 2001. W32.Badtrans.B@mm is a MAPI worm that emails itself out as one of several different file names. This worm also drops a backdoor trojan that logs keystrokes.

"[W32.Badtrans.B] does not require the email recipient to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients (Microsoft Outlook and Microsoft Outlook Express) to automatically execute the file attachment. This vulnerability is also known as Automatic Execution of Embedded MIME type."

The "W32.Badtrans.B" Computer Virus (Worm) is running rampant. As of December 3rd, Trend Micro reports over 73,000 WORM_BADTRANS.B infections detected by "HouseCall" (its free online virus checker) (from http://wtc.trendmicro.com/wtc/ ).

Complete information on this virus (worm) can be found here: http://www.sarc.com/avcenter/venc/data/w32.badtrans.b@mm.html

28 Dec '01: The FBI wants access to worm's pilfered data http://www.dailyrotten.com/articles/archive/189387.html The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. (...) The United States is becoming an Orwellian nightmare!

NEW VIRUS ALERT: "Goner" worm

Sent by Mona LaVine - This Virus is NOT a hoax!

NEW YORK - Electronic security experts are warning of a powerful new computer worm that can do everything from send e-mail to delete virus programs to hack other machines, all from your own PC.

Disguised as an innocuous screensaver program from a thoughtful friend, the "Goner" worm appeared Tuesday morning and is on its way to becoming a worldwide epidemic - and computer-virus specialists are warning people to be on the alert.

"The subject line says 'Hi' and will be from someone you know," Symantec security response group manager Kevin Haley said. The text will say 'How are you? I saw this screensaver and immediately thought of you.' That's a giveaway (or) I am in a hurry, I promise you will love it!"

Needless to say, computer users are advised not to open the attached "screensaver" program, or they will unleash a computer worm that will delve through their e-mail address books, replicate itself and send itself out to all their friends.

Goner works through Microsoft programs like Outlook and Outlook Express and can send itself through instant-messaging services like ICQ and Internet Relay Chat.

Solution for the new virus Goner and others at http://securityresponse.symantec.com/avcenter/venc/data/w32.goner.a@mm.removal.tool.html

Sircam.worm "TROJ_SIRCAM.A" in attachment - by Ralph Nimmann

Subject: any file name
Mail size: usually 100 KByte or more
Visible text message:
"Hi! How are you

I send you this file in order to have your advice

See you later"

The virus attaches itself to any file of any size it likes in your PC and sends off emails WITH ITS OWN EMAIL CLIENT. Your modem appears to be doing funny things since it does not need to use Outlook Express to send infected mail to others. Infected files are identified with an extra extension on things like: *.doc.com, *.zip.* ...etc. The virus will pick up a file randomly from your computer to do this and sends it as an attachment.

Once the attachment is opened, the recipients' computers will also become infected and so the cycle goes on...

Visit www.pandasoftware.com where a free download will fix your problem.
You can download a removal tool for the virus at: http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html
More here: http://support.ca.com/techbases/ilnt/virusalert2.html
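The three alerts above share two mail-level tell-tales: Badtrans rides on a part whose declared MIME type (a media type the mail client will auto-play) does not match the executable file name attached, and Sircam hides an executable behind a document extension such as .doc.com. The following is an added example (not code from this page, from Symantec, Trend Micro or any other vendor) of a defender-side gateway check that flags both patterns. The sample messages, sender addresses and attachment names are constructed for the demonstration; the extension lists and the media-type heuristic are this example's own assumptions, not a published signature.

```python
"""Attachment heuristics for Badtrans/Sircam/Goner-style mass mailers.

Added example, not code from the page or any anti-virus vendor.  Flags a
message when an attachment (a) ends in an executable extension, (b) hides
that extension behind a document-looking one (.doc.com), or (c) is declared
as an audio/video/image part while its file name is executable, the
mismatch that "automatic execution of embedded MIME type" relied on.
"""
import email
from email import policy

# Assumed lists for this example; a real gateway would use a fuller set.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}
DOCUMENT_EXT = {"doc", "xls", "zip", "pdf", "txt", "jpg", "mp3"}
MEDIA_TYPES = ("audio/", "video/", "image/")


def classify_attachment(filename, content_type):
    """Return the reasons (possibly none) an attachment looks like worm bait."""
    reasons = []
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return reasons
    final = parts[-1]
    if final in EXECUTABLE_EXT:
        reasons.append(f"executable extension .{final}")
        # Sircam-style: a document extension immediately before the real one.
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXT:
            reasons.append(f"double extension .{parts[-2]}.{final}")
        # Badtrans-style: media type declared, executable name attached.
        if content_type.startswith(MEDIA_TYPES):
            reasons.append(f"declared {content_type} but name ends in .{final}")
    return reasons


def scan_message(raw):
    """Parse one RFC 822 message and list every suspicious attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition first, then the
        # Content-Type name= parameter, which is where Badtrans put it.
        name = part.get_filename()
        if not name:
            continue
        ctype = part.get_content_type()
        reasons = classify_attachment(name, ctype)
        if reasons:
            findings.append({"filename": name, "content_type": ctype,
                             "reasons": reasons})
    return findings


def is_suspicious(raw):
    return bool(scan_message(raw))


# Constructed sample messages (addresses and names are made up).
SAMPLES = {
    "badtrans_like": """\
From: sender@example.test
To: victim@example.test
Subject: Re:
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><body></body></html>
--b1
Content-Type: audio/x-wav; name="README.TXT.pif"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAA=
--b1--
""",
    "sircam_like": """\
From: sender@example.test
To: victim@example.test
Subject: budget
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset=us-ascii

Hi! How are you

I send you this file in order to have your advice

See you later
--b2
Content-Type: application/octet-stream; name="budget.doc.com"
Content-Disposition: attachment; filename="budget.doc.com"

MZ
--b2--
""",
    "goner_like": """\
From: friend@example.test
To: victim@example.test
Subject: Hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b3"

--b3
Content-Type: text/plain; charset=us-ascii

How are you? I saw this screensaver and immediately thought of you.
--b3
Content-Type: application/octet-stream; name="gone.scr"
Content-Disposition: attachment; filename="gone.scr"

MZ
--b3--
""",
    "benign": """\
From: colleague@example.test
To: victim@example.test
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b4"

--b4
Content-Type: text/plain; charset=us-ascii

Attached as promised.
--b4
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

%PDF-1.4
--b4--
""",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", scan_message(raw) or "clean")
```

Note that the check never opens the attachment: the decision is taken from headers alone, which is what a mail gateway can do before the executable reaches an Outlook-family client that would run it on preview.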

- - - rainbow line - - -


[This page is www.rainbow-cambridge.org.uk/peace/virus.htm ]