Free security tools help detect Hacking Team malware

Rook Security and Facebook released free tools that will aid users in detecting Hacking Team malware.
Rook Security and Facebook released free tools that will aid users in detecting Hacking Team malware.

Sensitive information exposed in the Hacking Team leaks – more than 400 GB worth of zero-day vulnerabilities, other threats and more – has spurred Rook Security and Facebook to each release free security tools.

The Rook Security tool, known as the Milano utility, scans for the presence of files associated with the Hacking Team leaks, a Rook post indicated. For the first iteration of the tool, Rook Security analyzed 93 Windows binaries, of which 300 files were said to have a high likelihood of being misused.

The free Milano utility offers quick scan and deep scan features, and Rook Security said it is reviewing the remaining files from the Hacking Team leaks and will update the tool as new information is made available.

Focusing on Mac OS X attacks, Facebook's free tool is a query pack for osquery v1.4.5 and later, which is essentially designed to inform intrusion detection, incident response, vulnerability management and compliance efforts, a Facebook post said.

“Attackers continue to develop and deploy Mac OS X backdoors,” the post noted. “We've seen this with Flashback, IceFog, Careto, Adwind/Unrecom, and most recently, HackingTeam. The OS X-attacks pack has queries that identify known variants of malware, ranging from advanced persistent threats (APT) to adware and spyware.”

The tools, as well as efforts from companies such as Adobe to move quickly in plugging critical vulnerabilities, have not stopped attackers from taking advantage of information that came out of the Hacking Team leaks.

On Sunday, FireEye released information about a campaign targeting victims in Japan. According to a FireEye post, the threat group hosted exploit framework on at least two compromised Japanese websites and ultimately distributed a variant of SOGU malware by means of CVE-2015-5122.

Meanwhile, authorities continue to look into the attack on Hacking Team and subsequent leak of data. Citing sources familiar with the case, a Friday Reuters report said that prosecutors in Italy are investigating six former employees that could be connected to the incident.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS