Discussion in 'malware problems & news' started by ronjor, May 1, 2013.
Mozilla accuses Finfisher makers of 'hiding' under name
The Mozilla Foundation has accused UK software group Gamma International of falsely associating one of its products with the Firefox name.
Finfisher is a legitimate surveillance software thought to be used by governments to covertly obtain data.
It is installed unknowingly by its target computer user, often by disguising itself as an update to a well known programme such as Firefox.
BBC News technology
More on Gamma's FinFisher
Also cited in the below ARS article:
They are totally right IMO, no sane company would want their brand associated with such activities.
Yeah, they are well within their rights. (Firefox)
I don't blame them one bit. It's kind of time there was a little more public exposure of these methods, though it won't stop them from further development in all honesty. The best we can hope for I think, in this case, is that the firms and organizations that develop these tools won't be able to use well respected vendors in their dirty work.
Gamma International: Corporate Enemy of the Internet
On 12 March 2013 Reporters Without Borders named Gamma International as one of five "Corporate Enemies of the Internet" and “digital era mercenaries” for selling products that have been or are being used by governments to violate human rights and freedom of information. FinFisher technology was used in Bahrain and Reporters Without Borders, together with Privacy International, the European Center for Constitutional and Human Rights (ECCHR), the Bahrain Centre for Human Rights, and Bahrain Watch filed an Organisation for Economic Co-operation and Development (OECD) complaint, asking the National Contact Point in the United Kingdom to further investigate Gamma’s possible involvement in Bahrain. Research has shown that FinFisher technology was used in Australia, Bahrain, Bangladesh, Britain, Brunei, Canada, the Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, the United Arab Emirates, the United States and Vietnam.
Is there any reliable way to know whether or not your machine has picked up this code?
While my Comodo is updated, does the newer AV database file cover this "bug"? It's been a while now, so you would think the AV folks would add a detection of it.
Method of infection:
I did a FinFisher TEST on September 14th, 2012 & discovered one of its files named as Firefox.exe https://www.wilderssecurity.com/showthread.php?t=332263&highlight=finfisher
From what I've seen/heard, most AVs etc. should & do detect/prevent etc. it.
Better if you have an AntiEXE though, as this will prevent it installing, along with every other .EXE you don't allow.
FWIW, there's a picture in this blog post by F-Secure, showing Gamma in their "booth" and at the top one can read "FinFisher"
Or a HIPS.