Easter Egg in Government-Sanctioned Trojan Proves Programmer Humor Not Dead

An easter egg hidden in a commercial spyware product from Gamma International proves once again that programmer humor is not dead, even when government interests are at stake. According to an analysis report from Claudio Guarnieri, a researcher at Rapid7, the servers of the FinFisher Lawful Interception malware respond with “Hallo Steffi!” whenever they are queried.

This is presumed to be an internal joke, but it also reveals that the Trojan has probably been coded in Germany, or at least by German-speaking developers.

Easter eggs are undocumented features usually included by programmers just for fun. Once extremely popular in major applications and operating systems (including products from Microsoft, such as the Microsoft Bear, the Microsoft Bunny or the Word 97 Pinball game), they have been phased out because of government regulations regarding undocumented features (the Trustworthy Computing Initiative).

The FinFisher FinSpy Trojan is used by the federal government in Germany and uses a decentralized command-and-control infrastructure with servers in Ethiopia, Australia, Dubai, Estonia, Indonesia, Qatar, Latvia, Mongolia, the Czech Republic and the US. The Trojan surfaced when it was revealed as the main instrument of espionage against political activists in Bahrain.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
