Find out if your Windows PC is infected with Hacking Team malware
A leak pushed hundreds of gigabytes of data from the Italy-based company Hacking Team into the open.
Rook Security, one of the companies analyzing the data, discovered 53 Git projects during an initial pass of the data. This resulted in the identification of 93 binary files, 40 of which were identified as having the highest probability of malicious use.
The binary files were sorted into four different groups based on the analysis. All files verified as malicious by VirusTotal went into group a, for instance, while files used in Hacking Team projects went into group c.
The company has updated its tools that Windows users can use to find out whether their systems are compromised with Hacking Team malware.
If you download Milano, one of the available tools, you get more than just a program to run on your system. Rook Security ships a PDF document with the tool that lists file names, hashes and other valuable information.
This means that you may use the information to run manual scans on the system as well, or to add these files to blacklists to prevent their execution on the system.
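The manual scan described above, as an added example that is not part of Milano or Rook Security's code: a Python script that hashes every file under a folder and compares the result against an indicator list. The list format (one hex digest followed by a label per line) and all function names are assumptions; since the page does not say which hash type the PDF uses, MD5, SHA-1 and SHA-256 entries are told apart by digest length.

```python
import hashlib
import os
import re
import tempfile

ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm
LINE_RE = re.compile(r"^[ \t]*([0-9a-f]+)\b[ \t,;]*(.*)$", re.I | re.M)

def load_indicators(text):
    """Parse '<hex digest> <label>' lines (assumed format) into {algo: {digest: label}}."""
    indicators = {}
    for digest, label in LINE_RE.findall(text):
        algo = ALGO_BY_LENGTH.get(len(digest))
        if algo:  # anything that is not a full MD5/SHA-1/SHA-256 digest is ignored
            indicators.setdefault(algo, {})[digest.lower()] = label.strip() or "unnamed"
    return indicators

def hash_file(path, algorithms, chunk_size=1 << 20):
    """Read the file once, in chunks, and compute every requested digest."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan(root, indicators):
    """Walk root and return sorted (path, algorithm, label) matches."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                digests = hash_file(path, indicators)
            except OSError:
                continue  # locked or unreadable file: skip and keep scanning
            hits += [(path, algo, indicators[algo][d])
                     for algo, d in digests.items() if d in indicators[algo]]
    return sorted(hits)

def demo():  # constructed sample: one planted file whose SHA-256 is on the list
    data = b"constructed sample, not real malware"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "planted.bin"), "wb") as fh:
            fh.write(data)
        listing = hashlib.sha256(data).hexdigest().upper() + "  planted-entry\n"
        return scan(root, load_indicators(listing))

if __name__ == "__main__":
    print(demo())
```

A hash match only catches byte-identical copies of the listed files, so a clean result from this kind of scan does not rule out modified or repacked variants.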
The tool itself is easy to use:
- Extract the contents of the zip file to the local computer system after download.
- Open the folder RookMilano and double-click on milano.exe to start the program.
- A command line interface opens that prompts you to select quick scan or deep scan. That's the only selection you need to make.
Milano scans the system afterwards based on the selection. This may take a while depending on the scan type selected; it took 201 seconds to quick scan a system with a fast Solid State Drive, for instance.
Results are displayed at the end but also saved to a text file that is placed in the program folder automatically so that you can open it at any point in time after the scan.
No problematic files are displayed if the system has not been infected by Hacking Team malware or files, but if something is found, it is listed both in the command line interface and text log.
Interested users can check out the source code of the application on GitHub.
The company plans to improve the detection tool further in the future, and will release updated detection files for other operating systems, Linux and OSX specifically, in the near future as well.