Slashdot Mirror


Free Tools For Detecting Hacking Team Malware In Your Systems

An anonymous reader writes: Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system. Facebook has also offered a way to discover if your Mac(s) have been compromised by Hacking Team malware: they have provided a specific query pack for its open source OS analysis tool osquery.


  1. Hmmm ... by gstoddart · · Score: 5, Insightful

    So how do we know we can trust the hacking tools designed to tell us if the hacking tools have installed hacking tools?

    If this shit isn't proof that giving governments backdoors to security and crypto is a terrible idea, I have no idea what is.

    --
    Lost at C:>. Found at C.
    1. Re:Hmmm ... by ArcadeMan · · Score: 4, Funny

      The evil bit is turned off.

  2. Where do I sign up? by sjbe · · Score: 4, Funny

    Hmm, some security firm I've never heard of, releases a tool I've never heard of, which is supposed to tell me if I've got spyware with alleged government ties. Yeah, that sounds super trustworthy...

    Oops, I left the sarcasm bit turned on. Sorry about that...

  3. Let me see if I understand this by argStyopa · · Score: 5, Insightful

    ...so, to see if I have undetected malware buried in my system, I should run an unidentified exe file from a company I've NEVER heard of?

    Well, that sounds like a great idea.

    --
    -Styopa
    1. Re:Let me see if I understand this by Anonymous Coward · · Score: 2, Funny

      Make sure to run it with elevated privilege. :)

    2. Re:Let me see if I understand this by Anonymous Coward · · Score: 5, Informative

      Well, following their own whois information:

      Rook Security is apparently a front for the "Rook Group,"

      Registrant Name: Rook Group
      Registrant Organization: Rook Consulting
      Registrant Street: 560 S. Winchester Blvd
      Registrant Street: Suite 500
      Registrant City: San Jose
      Registrant State/Province: California
      Registrant Postal Code: 95128
      Registrant Country: United States
      Registrant Phone: +1.8887129531
      Registrant Phone Ext:
      Registrant Fax:
      Registrant Fax Ext:
      Registrant Email: info@rookconsulting.net

      ..of "Rook Consulting." So it's already sounding like a holding company... the interesting part is who's behind all -that- mess, on rooksecurity.com, they list their "PR" contact as twhitman@vocecomm.com... Tim Whitman, who apparently is also the PR contact for another no-name outfit, BeyondTrust:

      http://www.beyondtrust.com/New...

      One of the few articles I can find advertising their "skills" is one of their own press releases and all the companies involved seem to be awfully vague about what services they're offering exactly...

  4. Re:Zero need is always free by behrooz0az · · Score: 3, Insightful

    Hate to break it to you, you look so pretty in your small little iSheep bubble, but their malware IS cross-platform and those platforms DO INCLUDE Mac.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)

  5. I downloaded it and then uploaded to virustotal by waspleg · · Score: 3, Informative

    2/54, could be false positives. I've at least heard of Rook Security, although I forget in what context ;)

  6. Facebook's tool by CanadianMacFan · · Score: 3, Insightful

    I'll take my chances with the Hacking Team malware, I trust them more.

  7. Not sure I can trust them... by Raxxon · · Score: 3, Informative

    Figured I'd take a look at the tools. Download what claims to be the software for Windows (first link). Get presented with a Zip file, as expected. Open zip file and find.... OSX software. Thinking I clicked on the wrong link I went back to download a second time... Same file.

    So... yeah.. ranking real high on the trust value right now.

  8. Milano v1.0.1 Available on GitHub by TGorup · · Score: 2

    Thank you for your comments!

    In order to ensure full transparency and growth to the Milano tool we are releasing the source code on GitHub (link below). Our intentions are to give people a way to protect themselves. The executable was created with the lowest technical user in mind and now we want to make sure we are completely transparent with how our tool operates. In lieu of executing the binary, the .py script on GitHub can be leveraged. We have learned a lot during our releases, to include leaving '.DS_Store' within the zip, consistent folder/file names, etc.

    This is the first time we have released tools to the public for free. We will continue to develop, improve, and grow our processes as these opportunities are identified. We truly appreciate the feedback and suggestions and will continue to take them into account with every release.

    GitHub Repo: https://github.com/RookLabs/mi...
    Blog Post: https://www.rooksecurity.com/w...