Malware targeting GnuPG/PGP Keyrings

David Shaw dshaw at
Thu Sep 25 21:35:58 CEST 2008

On Thu, Sep 25, 2008 at 11:09:46AM -0400, Robert J. Hansen wrote:
> Maarten Van Horenbeeck of the SANS Internet Storm Center delivered a
> fascinating presentation at this year's SANSFire.  "Is Troy Burning? An
> overview of targeted trojan attacks."  (It was a few months ago, but I
> just now got a copy of the slides.)
> According to Van Horenbeeck, we are now seeing trojans in the wild which
> are searching for PGP keyrings, intercepting passphrases, and sending
> the whole mess off elsewhere.

Neat.  It's not the first time PGP keyrings have been targeted by
malware, but it does seem like a more effective attack than this
attack back in 1999:

Yep, a Word macro virus.

I wonder, though, how useful is this in practice?  I think encryption
is both useful and very important in society (which is why I work on
GnuPG), but even at my most hopeful, I know that the number of people
who actually use PGP/GPG style encryption are a fraction of a fraction
of a tiny sliver of the number of people who don't.  It seems odd for
a malware author to spend time going after such a small "target
market".  Going after company-wide installs, perhaps?


More information about the Gnupg-users mailing list