Taking a look at it…
There are several components to this package. It’s not just one piece. There is a USB infection method along with accompanying 8 GB USB flash drives. There is an ISP method placed at the ISP acting as a man in the middle. There is an automated LAN/WAN component. There is the Web component (which was leaked first, called FinFly-Web, and appears to have been the actual demonstration copy), which included injection methods to infect a page itself. The test demonstration was on adobe.com. The web infection method masquerades as a Java, Flash, RealPlayer or Chrome update or a missing codec. I’m sure you have all seen this just about anywhere you surf the net. This was not sold ONLY to foreign governments, and key information is being left out of the article above. There is also a point-and-click server interface that acts as a typical C&C-type trojan, also allowing a customized attack according to the target and the vulnerabilities of that machine. There are also mobile payloads for all mobile OSs, even BlackBerry. The web infection includes payloads for ALL OSs, not just Windows: Mac and Linux as well. The iOS infection requires the device to be jailbroken in order for most functions to work. All information can be found on the internet already, as well as GammaGroup admitting they have “run out of governments to sell to”. According to their Twitter posts they have also begun selling to security companies. The actual product flyer states an intrusion can also be accomplished without knowing anything of the target but an email address. FinFisher V1 was detectable by only 6 out of 54 major AV products; V2 is undetectable by all AV products that exist. Since most are gullible and click when it says your “whatever” is out of date, it will install a RAT (Remote Access Trojan) on the system, allowing monitoring (among other things) at will.
There are articles from its first appearance on the net and a complete breakdown of its parts and methods that are dated several years ago, and the code is similar to other nation-state infections we have seen in the past. I wish, when people tell the story, they would tell the WHOLE story and not just bits and pieces. The entire package contents are listed in the product brochure as follows (and it disgusts me to know all of this…):
Tactical IT Intrusion Portfolio
FinIntrusion Kit
FinUSB Suite
FinFireWire
Remote Monitoring & Infection Solutions
FinSpy:
FinSpy
FinSpy Mobile
FinFly:
FinFly USB
FinFly LAN
FinFly Web
FinFly ISP
IT Intrusion Training Program
Basic & Advanced Intrusion
Wireless Intrusion
Practical Exploitation
Web Application Penetration
Custom IT Intrusion Training & Consulting
They also provide a CD that will bypass the Windows logon process so as not to require the target’s password to gain physical access to the machine. The master server is set up to allow anyone with no experience to use and craft attacks with 0 experience in hacking, making this a script kiddie’s wet dream. Hence why information is all over the net.
Nate_K
16 September, 2014 17:42
11 Votes
via WikiLeaks posts ‘weaponized malware’ for all to download | ZDNet.