FinFisher spyware found running on computers all over the world

Corporate IT should monitor systems for signs of communication with command and control servers running FinFisher

Computers that appear to be running the commercially available FinFisher spyware sold to law enforcement and governments have been found in almost a dozen countries on five continents, a security researcher said on Wednesday.

Because of his discovery, Rapid7 researcher Claudio Guarnieri warned that corporate IT should monitor systems for signs of communication with command and control servers running FinFisher, made by UK-based Gamma Group.

Rapid7 has published the IP addresses and communication "fingerprint" of the command and control servers it has discovered. The information can be used in intrusion detection systems.

"If you can identify those networks actually communicating with those IPs, it most likely means some of the people on those networks are being spied on in some way," Guarnieri said.

FinFisher is able to record Skype and other voice over IP communications, log keystrokes and turn on a computer's webcam and microphone. The spyware, which can also steal files from a hard disk, is built to bypass dozens of antivirus systems.

Spyware that appeared to be FinFisher was first discovered last month in Bahrain. The malware was targeted at activists within the Persian Gulf kingdom, but Gamma has denied that it ever sold the product to Bahrain and is investigating whether a demonstration copy had been stolen from the company.

After obtaining samples of the Bahrain malware, Guarnieri was able to isolate a peculiar way computers communicate with the software. The researcher found that the Bahrain server answered HTTP requests with the message "Hallo Steffi."

With the discovery of the fingerprint, Guarnieri and his Rapid7 team started searching the Internet and found 12 C&C servers in 10 countries: the US, Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.

Whether governments or police are using the servers cannot be determined by the information gathered by Rapid7. The security company also cannot say for sure that the computers are running FinFisher. "But it's a very big clue," Guarnieri said of his findings.

"We think that they are most likely connected to the [FinFisher] infrastructure and are being run by different people across the globe," he said.
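The monitoring advice above, applied to proxy or HTTP logs, as an added example that is not Rapid7's tooling or code from the article. The JSON-lines log layout, field names and watchlist addresses are assumptions; the addresses are documentation-range placeholders for the published C&C IPs, which this page does not reproduce.

```python
import ipaddress
import json
from collections import defaultdict

# Response text the article reports from the Bahrain server (compared normalised).
FINGERPRINT = "hallo steffi"

# Placeholder watchlist: RFC 5737 documentation addresses standing in for the
# published C&C IPs, which are not reproduced on this page.
C2_WATCHLIST = {ipaddress.ip_address(a) for a in ("192.0.2.10", "198.51.100.25")}

# Constructed sample log; the JSON-lines layout and field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2000-01-01T10:01:02Z", "src": "10.0.4.17", "dst": "192.0.2.10", "body": "Hallo Steffi"}
{"ts": "2000-01-01T10:03:40Z", "src": "10.0.4.22", "dst": "203.0.113.80", "body": "<html>ok</html>"}
{"ts": "2000-01-01T10:05:11Z", "src": "10.0.7.3", "dst": "203.0.113.99", "body": "HALLO  STEFFI\\r\\n"}
not-json garbage line
{"ts": "2000-01-01T10:06:00Z", "src": "10.0.4.22", "dst": "198.51.100.25", "body": ""}
"""

def normalise(body):
    """Collapse whitespace and case so trivial variations still match."""
    return " ".join(body.split()).casefold()

def scan(log_text, watchlist=C2_WATCHLIST):
    """Return ({internal host: [(reason, destination), ...]}, unparsable line count)."""
    findings = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            src, dst = str(rec["src"]), ipaddress.ip_address(rec["dst"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count bad lines instead of silently losing coverage
            continue
        if dst in watchlist:
            findings[src].add(("watchlisted-ip", str(dst)))
        if FINGERPRINT in normalise(str(rec.get("body", ""))):
            findings[src].add(("fingerprint", str(dst)))
    return {host: sorted(hits) for host, hits in findings.items()}, skipped

if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG)
    print(hits, "unparsable lines:", bad)
```

A fingerprint hit on a destination that is not yet on the watchlist (10.0.7.3 in the sample) is the case worth escalating, since it points at a server the IP list alone would miss.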

Gamma told Bloomberg that it sells FinFisher according to export regulations of the UK, US and Germany. Nevertheless, once the spyware is released on the Internet, samples will likely end up in the hands of cybercriminals who could build their own versions.

"Now that FinFisher is in the public domain, every government the world over should assume that those who intend to seek and destroy or steal and manipulate will be studying the mechanics of how this application was designed and will undoubtedly develop more of its kind," said Dennis Portney, president of Security Forensics.

The malware is also expected to be particularly difficult to detect. "With the stealth nature of these types of spyware, it is hard to estimate the number or scope of their infection or deployment," Xuxian Jiang, an assistant professor and computer science researcher at North Carolina State University, said.


Round Belly said: Should be a crime for any government to use this and the CEO and staff of Gamma are guilty of murder of any killed due to its use
