F-Secure Virus Descriptions : Danschl.A
Magic Lantern is supposedly the codename for a password-stealing
backdoor program developed by the FBI/NSA as part of the
Carnivore/Echelon intelligence program.

It's doubtful that Magic Lantern really exists. Certainly the
antivirus industry hasn't seen it. Thus questions on whether some
products detect or miss it on purpose are irrelevant at this
stage.

General questions on whether we would add detection of similar
programs are discussed here:
http://www.f-secure.com/virus-info/bdtp.shtml

Danschl is a simple Win32 trojan, written by a teenager. It
mentions the words "Magic Lantern" several times, trying to cash
in on the commotion caused by the FBI's alleged tool. Obviously
this simple trojan has nothing to do with the FBI.

This Visual Basic trojan was distributed in a file named
IEPATCH.EXE. When run, the trojan deletes the C:\WINDOWS\TEMP
directory and creates a series of new directories:

C:\WINDOWS\Magic Latern
C:\WINDOWS\FBI software
C:\WINDOWS\John ASScroft
C:\WINDOWS\Bill Gatez
C:\WINDOWS\Desktop\666
C:\WINDOWS\Desktop\Bin Laden
C:\WINDOWS\Desktop\666 WTC
C:\WINDOWS\Desktop\Magic Fuckers
C:\WINDOWS\Desktop\Agentlinux
C:\WINDOWS\Desktop\iFuckedYourWife
C:\WINDOWS\Desktop\Biohazard Virii

After this the trojan deletes all driver files (.SYS) from
C:\WINDOWS\SYSTEM32\DRIVERS\ and displays this message:

Thank you for using Microsoft

Finally the trojan displays a screen with this message:

FBI -=Magic Lantern=- FBI
Oh no -this is a VIRUS coded by the FBI *this virus was installed because
you are a fucking criminal* we will now watch what u do =if you don't want
us "FBI Agents" to watch you please give us a call
we are watching you -when you fuck,sleep,eat HAHAHAHAHAHA-
This Virus was coded by XXXXX XXXXXXX aka Agentlinux of the NSA
FBI [ Who is -=Agentlinux=- ] FBI

When the "Who is..." button is pressed, the trojan displays
several message boxes with these texts in them:

(c) 2001-2002 Agentlinux --tHe hAcKeR--
Agentlinux@hotmail.com
Age:17 [12/10/84]
i made this VIRUS 2 f*ck the FBI project up!!
don't try to find me -U CAN'T-
if u do you won't have any Evidence anyway
HAHAHAHAHAHAHAHAHAHAHAHAHAHA
i am a Crypto Expert
using RSA Encryption Software coded by me
so there ain't no f*ckin back doors!!
[F-Secure Corporation & Kaspersky Lab, November 2001]
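
A triage check for the host artifacts described above, as an added example that is not part of the original F-Secure description: it inspects a Windows directory (for instance on a mounted disk image) for the listed directories, a missing TEMP directory and an emptied DRIVERS directory. The function names and the constructed sample tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Directories the description lists, relative to C:\WINDOWS (spelling as on the page).
DANSCHL_DIRS = [
    "Magic Latern", "FBI software", "John ASScroft", "Bill Gatez",
    "Desktop/666", "Desktop/Bin Laden", "Desktop/666 WTC",
    "Desktop/Magic Fuckers", "Desktop/Agentlinux",
    "Desktop/iFuckedYourWife", "Desktop/Biohazard Virii",
]

def resolve_ci(root, rel):
    """Walk rel under root, matching each component case-insensitively
    (a Windows volume mounted on Linux is usually case-sensitive)."""
    cur = Path(root)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        cur = next((c for c in cur.iterdir()
                    if c.name.casefold() == part.casefold()), None)
        if cur is None:
            return None
    return cur

def triage(windows_root):
    """Report the three host artifacts the description names."""
    found = [d for d in DANSCHL_DIRS
             if (p := resolve_ci(windows_root, d)) and p.is_dir()]
    drivers = resolve_ci(windows_root, "SYSTEM32/DRIVERS")
    sys_count = (sum(1 for f in drivers.iterdir() if f.suffix.casefold() == ".sys")
                 if drivers and drivers.is_dir() else None)
    return {
        "created_dirs": found,                 # strongest indicator
        "temp_missing": resolve_ci(windows_root, "TEMP") is None,
        "sys_driver_count": sys_count,         # 0 = no .SYS left, None = no DRIVERS dir
    }

def build_constructed_sample(base):
    """Constructed test tree imitating an affected C:\\WINDOWS (not real data)."""
    win = Path(base) / "windows"
    (win / "system32" / "drivers").mkdir(parents=True)
    (win / "Desktop" / "666 WTC").mkdir(parents=True)
    (win / "magic latern").mkdir()
    return win

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_constructed_sample(tmp)))
```

A missing TEMP directory or an empty DRIVERS directory alone is only supporting evidence; the created directory names are what tie a host to this trojan.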