FinFisher spy kit's C&C servers are popping up around the world
Posted on 02.05.2013
Some two months ago, Reporters Without Borders identified UK-based Gamma International as one of the "enemies of the Internet" because its FinFisher spyware tool kit is being used by a number of oppressive governments.

In 2012, Rapid7 researchers discovered a number of C&C servers around the world that responded when contacted by the malware, but it was impossible to tell if they belonged to governments.

Toronto-based Citizen Lab's latest report shows that the number of countries in which active FinFisher C&C servers are located has jumped to 36, and includes Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.

The report also revealed that the spying software is being distributed to Malay language speakers under the guise of the popular Mozilla Firefox web browser.

Here is how the details of the malicious file (left) look compared to the legitimate firefox.exe file (right):



"This is not the first time that a FinSpy sample has used the “Mozilla Firefox” product name to masquerade as legitimate software. Samples from the FinSpy campaign targeting Bahraini activists last year used an assembly manifest that impersonated Mozilla’s Firefox browser," the researchers noted.

Following this revelation, Mozilla sent Gamma a cease-and-desist letter demanding that they stop these illegal practices and stop misusing Mozilla's brand, trademarks and public trust.

"Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy," they stated.

Privacy International has recently been trying to discover under which conditions Gamma International has been allowed to export FinFisher, but they haven't had much luck with it, Citizen Lab researchers pointed out.

I recommend reading the entire report, as it goes into great detail about how the spyware works. You can download it here.









Copyright 1998-2014 by Help Net Security.