e-bugs: should anti-virus products detect them?

Graham Cluley Sophos Anti-Virus

Recently there have been media reports about the FBI's use of software to monitor the activity of suspected criminals and terrorists. These so-called `e-bugs' (with codenames such as Magic Lantern) capture the keystrokes of remote computer users in a similar way to the Trojan horses dropped by worms like Badtrans.

There have been suggestions in the media that some anti-virus companies may work in co-operation with the FBI, and deliberately not detect such Trojan horses.

This paper examines whether non-detection of e-bugs makes sense and whether customers have a legitimate requirement to be informed if they are being `e-bugged'.

This paper makes the case that using 'e-bugs' to spy on suspected criminals and terrorists is fraught with dangers, as there is no way of ensuring that the code will not be adapted by its recipients for illegal use.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘This was my first attendance at a Virus Bulletin conference and I found it extremely worthwhile - excellent speakers, good discussions, valuable networking and generally a decent educational venue.’