WikiLeaks posts ‘weaponized malware’ for all to download | ZDNet

Taking a look at it…

There are several components to this package. It’s not just one piece. There is a USB infection method along with accompanying 8 GB USB flash drives. There is an ISP method placed at the ISP acting as a man in the middle. There is an automated LAN/WAN component. There is the Web component (which was leaked first, called FinFly-Web, and appears to have been the actual demonstration copy), which included injection methods to infect a page itself. The test demonstration was on adobe.com. The web infection method masquerades as a Java, Flash, RealPlayer or Chrome update or a missing codec. I’m sure you have all seen this just about anywhere you surf the net. This was not sold ONLY to foreign governments, and key information is being left out of the article above.

There is also a point-and-click server interface that acts as a typical C&C-type trojan, also allowing a customized attack according to the target and the vulnerabilities of that machine. There are also mobile payloads for all mobile OSes, even BlackBerry. The web infection includes payloads for ALL OSes, not just Windows: Mac and Linux as well. The iOS infection requires the device to be jailbroken in order for most functions to work. All information can be found on the internet already, as well as Gamma Group admitting they have “run out of governments to sell to”. According to their Twitter posts they have also begun selling to security companies. The actual product flyer states an intrusion can also be accomplished without knowing anything of the target but an email address. FinFisher V1 was detectable by only 6 out of 54 major AV products; V2 is undetectable by all AV products that exist. Since most are gullible and click when it says your “whatever” is out of date, it will install a RAT (Remote Access Trojan) on the system, allowing monitoring (among other things) at will.

There are articles from its first appearance on the net and a complete breakdown of its parts and methods that are dated several years ago, and the code is similar to other nation/state infections we have seen in the past. I wish, when people tell the story, they would tell the WHOLE story and not just bits and pieces. The entire package contents are listed in the product brochure as follows (and it disgusts me to know all of this…):

Tactical IT Intrusion Portfolio
  FinIntrusion Kit
  FinUSB Suite
  FinFireWire

Remote Monitoring & Infection Solutions
  FinSpy
    FinSpy
    FinSpy Mobile
  FinFly
    FinFly USB
    FinFly LAN
    FinFly Web
    FinFly ISP

IT Intrusion Training Program
  Basic & Advanced Intrusion
  Wireless Intrusion
  Practical Exploitation
  Web Application Penetration
  Custom IT Intrusion Training & Consulting

They also provide a CD that will bypass the Windows logon process so as not to require the target’s password to gain physical access to the machine. The master server is set up to allow anyone with no experience to use and craft attacks with 0 experience in hacking, making this a script kiddie’s wet dream. Hence why information is all over the net.

Nate_K

16 September, 2014 17:42

11 Votes

via WikiLeaks posts ‘weaponized malware’ for all to download | ZDNet.

A Malware Classification
Virus: Simply speaking, computer viruses are a type of self-replicating program code that is installed onto existing programs without user consent. Their definitions can be broken down much further, though, by the type of objects they infect, the methods they use to select their hosts, or the techniques used to attack. They can appear in numerous forms as well, ranging anywhere from email attachments to malicious download links on the Internet, and can perform many harmful tasks on your OS. Nowadays viruses are quite rare because cybercriminals look to have more control over malware distribution; otherwise, new samples quickly fall into the hands of antivirus vendors.

Worm: Worms are considered to be a subdivision of viruses since they are also self-replicating programs; however, unlike viruses, they do not infect existing files. Instead, worms are installed directly onto their victims’ computers in a single instance of “self-standing” code, before finding opportunities to spread or tunnel themselves into other systems through things like the manipulation of vulnerable computer networks. Worms, as with viruses, can also be defined further by breaking down the methods by which they infect, like through email, instant messaging or file sharing. Some worms exist as standalone files, while others reside in computer memory only.

Trojan: Quite opposite from viruses and worms, Trojans are non-replicating programs that pretend to be legitimate, but are actually designed to carry out harmful actions against their victims. Trojans get their name from acting in the same manner as the infamous Greek Trojan horse, concealing themselves as useful programs while quietly carrying out their actual destructive functions. Since Trojans are not self-replicating, they do not spread by themselves. But thanks to the increased scope of the Internet, it has become very easy for them to reach many users. They’ve also grown to now come in many forms, like Backdoor Trojans (which try to take over remote administration of their victims’ computers) and Trojan Downloaders (which install malicious code).

Ransomware: Ransomware is malware that is designed to extort money from its victims. It can appear as a pop-up, phishing link, or malicious website, and once acted on, will trigger a vulnerability in the user’s system, locking out the keyboard and screen, and sometimes even the entire computer. It’s intended to scam people by falsely accusing them of doing things like using pirated software or watching illegal videos, displaying warning pop-ups and trying to make them act quickly by saying the warning message will only be removed if a fine is paid.

Rootkit: A rootkit is a special form of malware, designed specifically to hide its presence and actions from both the user and any existing protection software they have installed on their system. It’s able to do this via deep integration with the operating system, sometimes even starting before the operating system does (this variety of rootkit has its own name, bootkits). Sophisticated antivirus software is still able to detect rootkits and get rid of them though.

Backdoor (RAT): A Backdoor, or a Remote Administration Tool, is an application that allows a person (the system administrator or a cybercriminal) access to a computer system without user consent or knowledge. Depending on the RAT functionality, an attacker could install and launch other software, send keystrokes, download or delete files, switch the microphone and/or camera on, or log computer activity and send it back to the attacker.

Downloader: These infections are small pieces of code that are used to quietly take executable files, or files that command your computer to perform indicated tasks, from the server. Once downloaded, through things like email attachments and malicious images, they communicate back to a command server and are then instructed to download additional malware onto your system.

via A Malware Classification -Kaspersky Daily | We use words to save the world | Kaspersky Lab Official Blog.