"A couple of activists started receiving some emails with attachments that contain executables with the malware," explained Claudio Guarnieri, a security researcher with Rapid7, a Boston-based security company. "It turned out to be a sample of the FinFisher toolkit, which is produced and sold by the Gamma Group in the United Kingdom. It's a full-featured trojan that is able to intercept Skype calls, intercept chat and intercept other forms of communication, as well. It can steal documents, take screenshots, take camera shots and send the data to a server. It's basically designed for surveillance by law enforcement and government."
The investigation points to servers in a number of different countries, all of which have reportedly denied using the malware.
Bloomberg News reports that the managing director of Gamma International has said that his company has not sold FinFisher spyware to Bahrain, and that the company is currently investigating whether the malware samples used in these incidents were stolen demonstration copies or acquired elsewhere.
"We've learned a lot by examining it," added Guarnieri, during an interview with CRN. "It's heavily encrypted and will take some time before we can actually figure it out. But, while we were doing the analysis, we started probing the backend servers. We started finding indicators that would help us fingerprint the server, and we also began to find other servers. Eventually, as we began to publish information about this development, the operators began shutting down their network. So at this point, nothing is accessible, and we expect that they will move to different locations and different servers."
Guarnieri added that the investigation will continue.
"This malware has very limited distribution," he said. "The company tries to limit access to law enforcement and government. So, somehow it slipped out, or somebody who actually bought it used it in a way that it wasn't intended to be used."
PUBLISHED AUG. 9, 2012