Maarten Van Horenbeeck of the SANS Internet Storm Center delivered a fascinating presentation at this year's SANSFire: "Is Troy Burning? An overview of targeted trojan attacks." (It was a few months ago, but I just now got a copy of the slides.)

According to Van Horenbeeck, we are now seeing trojans in the wild which are searching for PGP keyrings, intercepting passphrases, and sending the whole mess off elsewhere. The particular one he used in his presentation was flagged as malware by:

    Sophos 4.27
    VirusBuster 4.3.26

... Everything else -- AVG, ClamAV, F-Prot, F-Secure, McAfee, Panda, Symantec, etc. -- gave it a clean bill of health. (This doesn't surprise me very much; generally speaking, antivirus software is wildly overestimated in its ability to keep you safe.)

At present, it does not seem to target GnuPG keyrings. It seems like such an obvious and trivial extension, though, that it would be prudent to assume it already exists.

Please do not panic. This is not a "the world is on fire!" post. It's been common knowledge for years that these sorts of attacks were possible and it was a matter of time until we saw real-world examples. All I'm saying is that we're now at that time.