[NetBehaviour] FBI uses CIPAV (PC spyware) for the first time.
marc garrett
marc.garrett at furtherfield.org
Mon Jul 23 01:28:44 CEST 2007
FBI uses CIPAV (PC spyware) for the first time.
The FBI has used PC spyware for the first time to reveal the identity of
an offender who sent bomb threats to a high school in Washington state.
In his blog on the American Internet service site, US journalist Declan
McCullagh refers to the declaration from the FBI official who applied
for the search warrant (PDF). The declaration describes the mode of
operation of the spyware which the FBI is using under the abbreviation
CIPAV (Computer and Internet Protocol Address Verifier).
CIPAV is apparently a Windows program which the FBI deploys via e-mail
or Instant Messaging. The program installs itself on the target computer
or on a web account such as MySpace or Google Mail from whence it moves
on to the target computer. Once installed, CIPAV searches the entire
hard disk and sends the FBI a record of the names of all running
programs, browser data, operating system type (including the serial
number) and all user information from the registry. Thereafter it
apparently operates as a pen register, recording the URLs and IP
addresses visited but not the contents of communications - a point which
the FBI emphasised several times in their declaration. The FBI document
does not reveal whether CIPAV in its current version is technically
capable of including and passing on the contents of communications or
indeed of keylogging.
more...
http://www.heise-security.co.uk/news/92950