Wednesday, 22 July 2015

Free Tools Detect Hacking Team Backdoors

Facebook and the US security company Smoke Security have each developed a free tool that lets users and administrators detect backdoors on their systems that originate from the data stolen from the Italian company Hacking Team.

Smoke Security analyzed the more than 400GB of stolen data and found 40 files in it that could be used to attack users or to assist in an attack. To detect these files, the security company developed the "Milano" tool. The tool offers a 'quick scan' and a 'deep scan'.

The quick scan checks file names. If a file name matches the name of one of the Hacking Team files that were found, the file's MD5 hash is then also compared with that of the stolen Hacking Team file. The deep scan compares the hash of every file on the computer with the hashes of the Hacking Team files.
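The two scan modes described above, sketched as an added example; this is not Milano's code, and the indicator file name and hash are constructed placeholders rather than real Hacking Team indicators.

```python
import hashlib
import os

# Constructed indicator list (file name -> MD5); placeholder values only.
INDICATORS = {
    "updater_helper.bin": hashlib.md5(b"constructed sample payload").hexdigest(),
}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def walk_files(root):
    """Yield (name, path) for regular files under root, skipping symlinks."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield name, path

def quick_scan(root, indicators=INDICATORS):
    """Match on file name first; hash only the files whose name is listed."""
    by_name = {name.lower(): md5 for name, md5 in indicators.items()}
    hits = []
    for name, path in walk_files(root):
        expected = by_name.get(name.lower())
        if expected is None:
            continue
        try:
            if md5_of(path) == expected:
                hits.append(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)

def deep_scan(root, indicators=INDICATORS):
    """Hash every file and compare against the full set of known hashes."""
    known = set(indicators.values())
    hits = []
    for _name, path in walk_files(root):
        try:
            if md5_of(path) in known:
                hits.append(path)
        except OSError:
            continue
    return sorted(hits)
```

The quick scan is cheap but misses a listed file that has been renamed, which the deep scan still catches. Both modes rely on exact hash matches, so a file altered by even one byte is not reported by either.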


Last year, Facebook launched "osquery", an open source project for monitoring multiple platforms, including Ubuntu, CentOS and Mac OS X. The current state of the operating system can be inspected through SQL-based queries and tables, such as processes, loaded kernel modules and open network connections. According to Facebook, osquery can be put to all kinds of uses, such as intrusion detection, compliance and vulnerability management.

Facebook has now launched a new version of osquery that should be more user friendly. It introduces "query packs", which are essentially groups of SQL queries offered as a single file. One of the packs offered by Facebook specifically targets Mac OS X backdoors. With the "OS X attacks pack", organizations can now check whether a Mac computer in their environment is infected with malware. This includes the Mac backdoor that was found in the data stolen from Hacking Team.
