According to a weekend posting by the infamous German hacking group, the trojan is capable of secretly spying on web users without their consent.
The trojan, said the CCC – which was found in the wild and submitted to its research team anonymously – “can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs.”
“Significant design and implementation flaws make all of the functionality available to anyone on the internet” adds the CCC, noting that even before the German constitutional court – the Bundesverfassungsgericht – forbade the use of malware to manipulate German citizen's PCs in early 2008, the German government introduced a less conspicuous variant of the term spy software called Quellen-TKÜ.
The term, said the CCC, means 'source wiretapping' or lawful interception at the source, and this trojan – which the club says is the first Quellen-TKÜ – can only be used for wiretapping internet telephony.
“The CCC now published the extracted binary files of the government malware that was used for Quellen-TKÜ, together with a report about the functionality found and our conclusions about these findings”, said the club, adding that it has coded its own remote control software for the trojan.
The trojan has been named Bundestrojaner light - federal trojan – by the club and the CCC researchers claim that the malware has been coded to clandestinely add more components over the network right from the start, making it a bridgehead to further infiltrate the computer.
"Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system", said the club in a weekend statement.
Commenting on the CCC's discovery, F-Secure's chief technology officer Mikko Hypponen said that the firm's software will detect and disable the trojan on users' computers, although he noted that it is not possible to confirm that the trojan was coded by the German government.
"We do not know who created this backdoor and what it was used for", he said his latest security posting, but he added that there is no reason to suspect the CCC's findings.