FinFisher Spyware Designed For Police And Government Apparently Enters The Wild
"A couple of activists started receiving some emails with attachments that contain executables with the malware," explained Claudio Guarnieri, a security researcher with Rapid7, a Boston-based security company. "It turned out to be sample of the FinFisher toolkit, which is produced and sold by the Gamma Group in the United Kingdom. It's a full-featured trojan that is able to intercept Skype calls, intercept chat and intercept other forms of communication, as well. It can steal documents, take screenshots, take camera shots and send the data to a server. It's basically designed for surveillance by law enforcement and government."
The investigation points to servers and a number of different countries, all of which have reportedly denied use.
[Related: Related:>New Flame/Stuxnet Descendent May be Heavily Weaponized** ]**
Bloomberg News reports that the managing director of Gamma International has said that his company has not sold FinFisher spyware to Bahrain, and that the company is currently investigating whether the malware samples used in these incidents were stolen demonstration copies or acquired elsewhere.
"We've learned a lot by examining it," added Guarnieri, during an interview with CRN. "It's heavily encrypted and will take some time before we can actually figure it out. But, while we were doing the analysis, we started probing the backend servers. We started finding indicators that would help us fingerprint the server, and we also began to find other servers. Eventually, as we began to publish information about this development, the operators began shutting down their network. So at this point, nothing is accessible, and we expect that they will move to different locations and different servers."Guarnieri added that the investigation will continue."This malware has very limited distribution," he said. "The company tries to limit access to law enforcement and government. So, somehow it slipped out, or somebody who actually bought it used it in a way that it wasn't intended to be used."PUBLISHED AUG. 9, 2012