'Government hackers were using a previously-unknown vulnerability in
Microsoft's .NET Framework, a development platform for building apps,
to hack targets and infect them with spyware, according to security
firm FireEye. The firm revealed the espionage campaign on Tuesday, on
the same day Microsoft patched the vulnerability. According to
FireEye, the bug, which until today was a zero-day, was being used by
a customer of FinFisher, a company that sells surveillance and hacking
technologies to governments around the world. The hackers sent a
malicious Word RTF document to a "Russian speaker," according to Ben
Read, FireEye's manager of cyber espionage research. The document was
programmed to take advantage of the recently-patched vulnerability to
install FinSpy, spyware designed by FinFisher. The spyware masqueraded
as an image file called "left.jpg," according to FireEye.'
-- source: https://it.slashdot.org/story/17/09/12/2022235

For Windows, there seems to be Detekt (written in Python) which can
detect some versions of FinSpy apparently:

Maybe we should finally look at demoing some security tools at the next meeting?
- Sophos scanner
- ... (other suggestions?)
In other words, I'd need volunteers to do a short show and tell.

Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174