The Electronic Frontier Foundation (EFF) is having a big week. First the organization announced “Let’s Encrypt,” a new, free certificate authority (CA) with the goal of moving everyone to adopt encrypted web communications.
Then, today, the group announced Detekt, a malware detection tool designed to expose evidence of state surveillance. The tool is intended to help journalists, political activists and others identify malware associated with state-sponsored spying.
Developed by security researcher Claudio Guarnieri, Detekt is available on GitHub and at the site resistsurveillance.com.
The tool was written in Python and scans the memory of Windows systems (XP, 32- and 64-bit editions, and Windows 8) for malware. Essentially, it's a straight-up malware scanner that focuses on malware associated with spying, namely: DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.
Alas, unlike most anti-malware programs (which at least claim to detect the same malware families), Detekt doesn't do removal. Users who get positive scan results are instructed to disconnect their system from the Internet and either: 1) throw it away or 2) seek professional assistance in trying to disinfect it.
Not very reassuring. That’s especially true because Detekt comes with a lot of warnings that it “may not successfully detect the most recent versions of those malware families” and that the very families it detects “will likely be updated in response to this release in order to remove or change the patterns that we identified.”
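To make the caveat concrete, here is an added illustration (not code from the article or from the Detekt project) of how a pattern-based memory scanner of this kind works and why a trivial change to the malware defeats an exact pattern. Detekt itself matches Yara rules against live process memory; this stand-in uses plain regular expressions over constructed byte buffers. Every signature string, rule name and memory region below is invented for the example and is not a real indicator for any of the families named above.

```python
import re

# Constructed, hypothetical signature set. These byte patterns are
# placeholders, NOT real indicators shipped by Detekt; they only show the
# mechanics of matching patterns against a memory region.
SIGNATURES = {
    # Exact marker string: brittle, a version bump in the sample breaks it.
    "ExampleRAT_exact": [rb"EXAMPLE_RAT_BEACON_v1"],
    # Looser rule that tolerates a changed version number.
    "ExampleRAT_loose": [rb"EXAMPLE_RAT_BEACON_v\d+"],
    # A second family keyed on a (made-up) mutex name.
    "ExampleSpy_mutex": [rb"Global\\ExSpyMutex"],
}


def scan_region(region: bytes):
    """Return names of signatures whose every pattern occurs in `region`."""
    hits = []
    for name, patterns in SIGNATURES.items():
        if all(re.search(p, region) for p in patterns):
            hits.append(name)
    return hits


def scan_process(regions):
    """Scan an iterable of (base_address, bytes) pairs, as a memory walker
    would yield them, and map each matched signature to the bases it hit."""
    findings = {}
    for base, data in regions:
        for name in scan_region(data):
            findings.setdefault(name, []).append(base)
    return findings


# Constructed sample regions standing in for a process's memory.
SAMPLE_REGIONS = [
    (0x00400000, b"\x90" * 16 + b"EXAMPLE_RAT_BEACON_v1" + b"\x00" * 8),
    (0x10000000, b"clean data, nothing to see here"),
]

# The same "malware" after a trivial update to its marker string: the exact
# rule no longer fires, only the tolerant one does.
UPDATED_REGIONS = [
    (0x00400000, b"\x90" * 16 + b"EXAMPLE_RAT_BEACON_v2" + b"\x00" * 8),
]

if __name__ == "__main__":
    print("original sample:", scan_process(SAMPLE_REGIONS))
    print("updated sample: ", scan_process(UPDATED_REGIONS))
```

The second run is the point of the article's warning: a scanner built on fixed byte patterns detects only what it has already seen, so a family that is updated in response to a public rule set can slip past until the rules are refreshed. Looser rules buy some tolerance at the cost of more false positives, which is why a hit from such a tool is a reason to seek a proper forensic examination rather than a verdict on its own.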