e-bugs: should anti-virus products detect them? presented at Virus Bulletin 2002

by Graham Cluley (Sophos anti-virus)

Tags: Security

URL : http://www.virusbtn.com/conference/vb2002/abstracts/e_bugs.xml

Summary : "Recently there have been media reports about the FBI's use of software
to monitor the activity of suspected criminals and terrorists. These
so-called 'e-bugs' (with codenames such as Magic Lantern) capture the
keystrokes of remote computer users in a similar way to the Trojan
horses dropped by worms like Badtrans.

There have been suggestions in the media that some anti-virus
companies may work in co-operation with the FBI, and deliberately not
detect such Trojan horses.

This paper examines whether non-detection of e-bugs makes sense and
whether customers have a legitimate requirement to be informed if they
are being 'e-bugged'.

This paper makes the case that using 'e-bugs' to spy on suspected
criminals and terrorists is fraught with dangers, as there is no way
of ensuring that the code will not be adapted by its recipients for
illegal use."