Posts Tagged ‘Malware’

Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of spyware”. The letter includes a list of highly specific questions about the way the FBI uses remote exploitation capabilities and spyware tools. The letter is related to a current effort by the Department of Justice to get more leeway in the way that its agencies use spyware tools in criminal investigations.

Intelligence agencies and military branches are known to use exploits for zero days in their work, some of which are developed internally and others that are purchased from outside vendors. In 2013, a contract surfaced that showed the NSA had subscribed to a zero-day exploit service run by VUPEN, a French company that develops and sells vulnerability and exploit information. And last month the U.S. Navy published a solicitation for zero days in a variety of popular software.

In addition to the information on exploit usage, Grassley also is asking Comey for more details on the FBI’s phishing operations. Last year, it was reported that the FBI at one point ran an operation that involved setting up a site to impersonate the Associated Press in order to get a target to click on a link that would install a remote monitoring tool. AP officials were indignant at the revelation, saying it undermined the organization’s credibility. In his letter, Grassley asks how many other times the FBI has used this tactic and whether the bureau ever informs the companies it is impersonating.

Full Story @ [threatpost]

In this blog we describe a sophisticated backdoor, called Dino by its creators. We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware. Dino contains interesting technical features, and also a few hints that the developers are French speaking.

Animal Farm is the security industry’s name for a group of attackers first described by Canada’s Communications Security Establishment (CSE) in a set of slides leaked by Edward Snowden in March 2014. In those slides CSE assess with “moderate certainty” that this group is a French intelligence agency. Since then, several examples of malware created by Animal Farm have been found and publicly documented, in particular:

The connection between those pieces of malware and the group described in CSE slides has been convincingly established, for example by Paul Rascagnères (G Data).

In this blog post we add a new piece to the puzzle with Dino, another malicious program belonging to Animal Farm’s arsenal.

Full Story @ [welivesecurity]