Bad News--Wikileaks-posts-weaponized-malware-for-all-to-download

According to David Gewirtz, a security writer for zdnet.com: "WikiLeaks has released a... dangerous spyware program ............."

Gerwitz claims that the malware had been sold by it's creator to "the police forces of the Netherlands and New South Wales, and the intelligence arms of the Hungarian, Qatari, Italian, and Bosnian governments........"

Gerwitz, while refraining from giving the actual download link, claims that "WikiLeaks actually posted the zip files containing the malware on their site, for anyone to download...."

Gerwitz categorizes this act by Wikileaks, if true as reported by him, as "an astonishingly irresponsible and very dangerous turn."

http://www.zdnet.com/article/wikileaks-posts-weaponized-malware-for-all-to-download/#ftag=RSSbaffb68

After stating how irresposible and dangerous this act by Wikileaks is, and that the malware is weaponized, Gerwitz states the the zip files are password protected, yet in his article he shares with his readers what he says Wikileaks gives as the password . WTF?

 

I just downloaded it, and then scanned two of the exe files at VirusTotal. Before I extracted the files, my archiver HaoZip detected the files as malware. At VirusTotal, both files were initially scanned there four years ago. Currently almost all malware scanners at VT detect the files - 45 out of 53 for one file and 47 out of 55 for the second file.

Considering the high detection rate, I don't think the release of malware by Wikileaks is too much of an issue. It would be different if it was new malware that was not detected, or if the source code was included.

 

In September, another zdnet.com writer stated that:

"In August, the makers of FinFisher suffered a hack that resulting in a file circulated via BitTorrent that reportedly contained client lists, price lists, source code, details about the effectiveness of Finfisher malware, user and support documentation, and a list of classes/tutorials."

"http://www.zdnet.com/article/wikileaks-names-nsw-police-as-finfisher-malware-customer/

Or is Gerwitz's piece just journalistic sensationalism, not journalism ?

 

OoPs- Sorry. May be old news. Written in September. My security news aggregator just picked it up as being published tonight. Maybe they waited to publish it until the security companies were able to provide protection against it.

 

Mixed feelings. I feel the public should have access to it to see what's up, cause of points mentioned here https://www.schneier.com/blog/archives/2014/12/corporate_abuse.html More eyes on this sort of thing, the better.

Whatever sample is in there is obviously flagged to death by everything anyway as roger_m mentions. And to actually go and use it for evil, well, they'd still need a method of getting it onto the victims machine, via exploit or spam. It's a drop in the bucket of the thousands upon thousands of stuff out there.