Detekt tool released to find surveillance malware
Posted by: Timothy Weaver on 11/20/2014 10:29 PM
A free tool, dubbed Detekt, was released Thursday that will allow users to scan their computers for surveillance malware. It is designed mainly for journalists, human rights defenders and political activists around the world.

The tool will scan a computer for patterns associated with several families of remote access Trojans (RATs): DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.
These malware programs have been used against non-governmental organizations, human rights activists, journalists and religious or ethnic minority groups.
Detekt can be a good start for identifying potential infections; however, it cannot guarantee that a system is completely clean of surveillance malware.
Amnesty International, Digitale Gesellschaft, the Electronic Frontier Foundation and Privacy International, the developers, wrote: “Beware that it is possible that Detekt may not successfully detect the most recent versions of those malware families. Indeed, some of them will likely be updated in response to this release in order to remove or change the patterns that we identified. In addition, there may be existing versions of malware, from these families or from other providers, which are not detected by this tool. If Detekt does not find anything, this unfortunately cannot be considered a clean bill of health.”
Detekt is not a removal tool. If malware is detected, users are advised to get professional help.
The website reads: “Firstly, stop using the infected computer immediately and disconnect it from the Internet, other network and removable devices, unless strictly necessary. Secondly, decide whether to dispose of the computer or keep it and seek further assistance to investigate the attack and help you to safely recover your computer. We suggest that you speak with an expert to help you make this decision.”
The site lists email addresses of experts working with the project.
