Check Your PC For Remnants Of Hacking Team Tools


Earlier this month, Italian security company Hacking Team found itself on the wrong end of a hack. Around 400 GB of data from HT's own servers was stolen and leaked onto the internet. This included details of the spyware products that it sold to governments and intelligence agencies across the world.

As researchers continue to analyze the leaked data, which also contains the source code for some of the Hacking Team products, a picture is emerging about what the malware does and how to detect it. Rook Security, a US-based security company, has now released a free program that scans your PC to check that none of the Hacking Team spyware is present on your computer.

The download is 5 MB and you'll find it at

The program is malware-free according to VirusTotal and Web of Trust, and should work on Windows 7 and above. Use the "MILANO INSTALLER - MSI WINDOWS" link on the above-mentioned download page to get the correct package.

Having been written by security researchers rather than experts in user interface design, the tool (called Milano) is fairly simple. It is text-based when you run it, and it writes its report to a text file that you need to open in Notepad in order to view. But it does provide a useful service and is a worthwhile addition to your normal PC security routine.

It's also worth checking Rook's site occasionally for updates to Milano, which will continue to be revised as new information about HT's activities comes to light.



For those who tap the enter key too fast, the log file is:

C:\Users\[Your User Name]\AppData\Roaming\Rook Security\Rook Milano\last_scan_result.txt

The pdf file causing the false positives has been verified as a false positive by Avast.
from their virus lab ...

"Posted on: 27 July 2015 10:33
Hello Michael,

I have information from our virus lab specialists that it was a false positive. The detection has been disabled and it will be fixed in the next virus definition update.
We are sorry for the inconvenience.

If I can be of any further assistance, please do not hesitate to contact me again.

Best regards,

(name omitted)
Technical Support Specialist"

No big surprise, I think the lost worm headed for Iran would have been more exciting though.

I just sent the pdf file lanshark is referring to to avast labs to make sure it's a false positive. When I scanned the 101 zip file from Rook @ virus total, Avast and qyeboo or some such named AV both flagged the pdf file and not the 20 portable exes as a threat. It's only 223 kilobytes in size so with the text it contains should be a very small germ, if at all. Maybe Avast labs will shut down a freeway or something or it could be a new stuxnet worm and got lost on the way to Iran.

Avast Free's scan of Rook's Milano identifies a high security threat thusly:

Threat: PDF:UrlMal-inf [Trj]


You've stated this will work on WIN 7 and above, how about Vista?

And how exactly do we know Rook and its Milano program are any more reliable than the government? Antivirus reports alone aren't convincing enough for me for various reasons including that they could be in on it and that they don't necessarily look for all kinds of malware.

Faziri said "and that they don't necessarily look for all kinds of malware."

No, they don't necessarily OR unnecessarily look for all types of malware. It simply looks for signs that Hacking Team "Products" have been used on or against your computer by whichever government or agency that may have used them. With the tax dollars available to the NSA and stuff like Stuxnet and Flame and the HDD Firmware hack (equation group) under their belt, kind of makes the Hacking Team Company pale in comparison.

I meant that a program is not necessarily not malware just because antiviruses don't react to it. AVs don't report the Ask toolbar either but I can't imagine anyone who doesn't consider that malware. Plus the whole Milano thing could be another scheme by some greater powers, backed by the antivirus companies with manufactured negatives. It's hard to trust any big name or product anymore these days.

I hear what you're saying. I think almost any scenario is possible given the nature of man. The only thing I really get surprised by anymore is my occasional exhibitions of stupidity and even that doesn't have the effect on me that it used to.

Avast blocks website downloads