Malware targeting GnuPG/PGP Keyrings
dshaw at jabberwocky.com
Thu Sep 25 21:35:58 CEST 2008
On Thu, Sep 25, 2008 at 11:09:46AM -0400, Robert J. Hansen wrote:
> Maarten Van Horenbeeck of the SANS Internet Storm Center delivered a
> fascinating presentation at this year's SANSFire. "Is Troy Burning? An
> overview of targeted trojan attacks." (It was a few months ago, but I
> just now got a copy of the slides.)
> According to Van Horenbeeck, we are now seeing trojans in the wild which
> are searching for PGP keyrings, intercepting passphrases, and sending
> the whole mess off elsewhere.
Neat. It's not the first time PGP keyrings have been targeted by
malware, but it does seem like a more effective attack than this
attack back in 1999:
Yep, a Word macro virus.
I wonder, though, how useful is this in practice? I think encryption
is both useful and very important in society (which is why I work on
GnuPG), but even at my most hopeful, I know that the number of people
who actually use PGP/GPG style encryption are a fraction of a fraction
of a tiny sliver of the number of people who don't. It seems odd for
a malware author to spend time going after such a small "target
market". Going after company-wide installs, perhaps?
More information about the Gnupg-users