WikiLeaks posts ‘weaponized malware’ for all to download | ZDNet

Taking a look at it…

There are several components to this package. It’s not just one piece. There is a USB infection method along with accompanying 8g USB flash drives. There is an ISP method placed at the ISP acting as a man in the middle. There is an automated LAN/WAN component. There is the Web component (which was leaked first, called FinFly-Web, and appears to have been the actual demonstration copy) which included injection methods to infect a page itself. The test demonstration was on The web infection method masquerades as Java, Flash, RealPlayer and Chrome updates or a missing codec. I’m sure you have all seen this just about anywhere you surf the net. This was not sold ONLY to foreign governments and key information is being left out of the article above. There is also a point-and-click server interface that acts as a typical C&C-type trojan, also allowing a customized attack according to the target and vulnerabilities of that machine. There are also mobile payloads for all mobile OSes, even BlackBerry. The web infection includes payloads for ALL OSes, not just Windows: Mac and Linux as well. The iOS infection requires the device to be jailbroken in order for most functions to work. All information can be found on the internet already, as well as GammaGroup admitting they have “run out of governments to sell to”. According to their Twitter posts they have also begun selling to security companies. The actual Product Flying states an intrusion can also be accomplished without knowing anything of the target but an email address. FinFisher V1 was detectable by only 6 out of 54 major AV products; V2 is undetectable by all AV products that exist. Since most are gullible and click when it says your “whatever” is out of date, it will install a RAT (Remote Access Trojan) to the system, allowing monitoring (among other things) at will.
There are articles from its first appearance on the net and a complete breakdown of its parts and methods that are dated several years ago, and the code is similar to other nation/state infections we have seen in the past. I wish, when people tell the story, they would tell the WHOLE story and not just bits and pieces. Entire package contents are listed in the Product brochure as follows: (and it disgusts me to know all of this…)

Tactical IT Intrusion Portfolio

FinIntrusion Kit

FinUSB Suite


Remote Monitoring & Infection Solutions

FinSpy


FinSpy Mobile

FinFly

FinFly USB

FinFly LAN

FinFly Web

FinFly ISP

IT Intrusion Training Program

Basic & Advanced Intrusion

Wireless Intrusion

Practical Exploitation

Web Application Penetration

Custom IT Intrusion Training & Consulting

They also provide a CD that will bypass the Windows logon process so as not to require the target’s password to gain physical access to the machine. The master server is set up to allow anyone with no experience to use and craft attacks with 0 experience in hacking. Making this a script kiddie’s wet dream. Hence why information is all over the net.


16 September, 2014 17:42


via WikiLeaks posts ‘weaponized malware’ for all to download | ZDNet.

