Troj/BckR2D2-A is a Trojan designed to record Skype conversations and to eavesdrop on MSN Messenger and Yahoo Messenger chat clients. It also records screenshots and logs keystrokes in Internet Explorer, Firefox, Opera and SeaMonkey.
The Trojan was recently disclosed by a former suspect in a German government investigation who later reviewed the evidence used against him. The former suspect noticed screenshots from his computer and provided a copy of his hard drive to the Chaos Computer Club (CCC) in Germany.
The CCC used forensic software to recover deleted files and reverse engineered the functionality of the Trojan. On Saturday, 8th of October 2011, the CCC published a report on their webpage and made the files available to other researchers. The group alleges the Trojan was created by German authorities to spy on suspects.
Back in December 2010, a variant of this Trojan examined by VirusTotal went undetected by antivirus products using traditional signature-based techniques. However, current security suites have additional features that VirusTotal can't reflect.
For example, once the dropper is executed, Sophos Anti-Virus raises two HIPS alerts: HIPS/RegMod-013 and HIPS/ProcInj-001.
This is not a widespread Trojan and was probably only used on a handful of suspects. German law enforcement agencies have the authority to use such Trojans, but German law prohibits authorities from using a generic Trojan for all cases.