Messages - r32

#631
Security / Re: Malware spreading via Steam chat
4 December 2014, 01:22 AM
RDG results:

Let's see what I get out of it.

Regards.

#632
Security / Re: Malware spreading via Steam chat
4 December 2014, 01:19 AM
Quote from: daryo on 28 November 2014, 15:15 PM
looks like .NET, can it be decompiled?

You hit the nail on the head, although PEiD showed it to me as compiled in C++/C#.

I didn't look closely at the strings; I'm getting worse every time.

Quote:
System.Runtime.CompilerServices
___.netmodule
SteamStealer.Properties.Resources.resources
D_FUFW
Confuser v1.9.0.0
_CorExeMain
mscoree.dll

It refers to a trojan, specifically this one:

Confuser v1.9.0.0: [ Confuser.zip application, 1057K, uploaded Jun 23, 2012 - 54990 downloads ]

http://www.dev-point.com/vb/t384433.html

http://confuser.codeplex.com/downloads/get/404433

http://confuser.codeplex.com/releases/view/90044

_________________

To see the code:

ConfuserDeobfuscator:

https://github.com/UbbeLoL/ConfuserDeobfuscator/blob/master/ConfuserDeobfuscator/ConfuserDeobfuscator/Deobfuscators/DeobfuscatorFactory.cs

http://es.scribd.com/doc/207710371/NET-Decrypt-Confuser-1-9-Methods


The AT4RE people made an anti-Confuser:

NoFuser_v1.1

http://www.at4re.com/f/showthread.php?10855-%DF%ED%DD%ED%C9-%DD%DF-%D6%DB%D8-Confuser-v1-9-0-0

Download: http://www.gulfup.com/?Wenf4a

Quote:

NoFuser v1.1 - Beta
Deobfuscator for vanilla Confuser v1.8 & v1.9.
By: RazorX

Regards.
#633
Security / Re: Malware spreading via Steam chat
28 November 2014, 14:41 PM
Hi Tremolero, here is the info I was able to pull out. I haven't dug all the way in, but it should give you an idea:

URL: hxtp://scr4you.ru/580gop

Source URL: http://pastebin.com/M4Zdya1n
<See iframes>

Analysis:

VT: https://www.virustotal.com/es/url/8c4480e7d5b0a5e1e0073f3dd6956afa99fbec7e36247bbd1927ab80f0813e41/analysis/1417056284/
SC: http://sitecheck.sucuri.net/results/scr4you.ru
QT: http://quttera.com/sitescan/scr4you.ru
AI: Anti-Anubis- Fatal error.
Traffic: --
WI: Anti - Error


Info:

IP address resolution:
178.208.83.13

Whois:
http://whois.domaintools.com/178.208.83.13


HTTP Response headers:
via: HTTP/1.1 GWA
x-google-cache-control: remote-fetch
server: Apache
last-modified: Sun, 23 Nov 2014 23:11:32 GMT
connection: keep-alive
date: Thu, 27 Nov 2014 02:44:45 GMT
content-type: text/html


File it downloads:

hxtps://www.dropbox.com/s/6chcr2y7a28soyo/LmG8gwXIejRa2l.scr?dl=1



Analysis:

VT: https://www.virustotal.com/es/file/acc91e917252fcaa17b216972b92d528fd6eb4c37c0b04e712552d59f73f1b3e/analysis/1417059200/ --> 0/61
Pcap file:
VT: https://www.virustotal.com/es/file/f28910ec609055261f118232157df9b631a47ce2bef9f7288c6656cef7c8a072/analysis/ --> 10 alerts (2 snort/8 suricata)
CC: http://camas.comodo.com/cgi-bin/submit?file=570974d26453a8ee217135a75ac078318a5392f9fcad159b2354b9e25428b6ec
MS: https://www.metascan-online.com/en/scanresult/file/7fa239ab11ff4165b6f542cd2deb3bec
MW: https://malwr.com/analysis/OGI4YzNiMWM3MzI4NDAxMThlNDI3YTIzYzhlZjU1Mjc/


Changes:

C:\DOCUME~1\User\LOCALS~1\Temp\LmG8gwXIejRa2l.scr.config
C:\DOCUME~1\User\LOCALS~1\Temp\LmG8gwXIejRa2l.scr
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config
C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index12.dat
C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\DOCUME~1
C:\DOCUME~1\User
C:\DOCUME~1\User\LOCALS~1
C:\DOCUME~1\User\LOCALS~1\Temp
C:\DOCUME~1\User\LOCALS~1\Temp\LmG8gwXIejRa2l.INI
C:/DOCUME~1
C:/DOCUME~1/User
C:/DOCUME~1/User/LOCALS~1
C:/DOCUME~1/User/LOCALS~1/Temp
C:\WINDOWS\assembly\pubpol1.dat
C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\WINDOWS\system32\l_intl.nls
C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\WINDOWS\system32\rsaenh.dll
C:\Documents and Settings\User
C:\Documents and Settings\User\LOCALS~1
C:\Device\Tcp6
C:\Device\Tcp
C:\Device\NetBT_Tcpip_{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config
PIPE\lsarpc
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.1316.21756444
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.1316.21756444
C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.1316.21756454



Reg.Keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index12
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ca3778b\4451bff0
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Defaults\Provider Types\Type 001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\18
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\23
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\LmG8gwXIejRa2l.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE


Mutexes:
Global\CLR_CASOFF_MUTEX
CTF.TimListCache.FMPDefaultS-1-5-21-1547161642-507921405-839522115-1004MUTEX.DefaultS-1-5-21-1547161642-507921405-839522115-1004
Global\.net clr networking


Strings:
#Strings
BinaryReader
System.IO
Stream
RijndaelManaged
System.Security.Cryptography
Exception
System
MemoryStream
CryptoStream
ICryptoTransform
CryptoStreamMode
SymmetricAlgorithm
CreateDecryptor
Encoding
System.Text
GetBytes
ReadBytes
Buffer
BlockCopy
get_Length
AppDomain
get_CurrentDomain
ReadByte
ResolveEventArgs
get_Name
add_AssemblyResolve
ResolveEventHandler
Module
System.Reflection
ResolveMethod
MethodBase
Assembly
GetManifestResourceStream
ReadInt32
GetString
get_UTF8
BitConverter
ToUInt32
Invoke
GetEntryAssembly
GetParameters
ParameterInfo
LoadModule
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
User.exe
mscorlib
ntdll.dll
kernel32.dll
<Module>
Dictionary`2
System.Collections.Generic
DeflateStream
System.IO.Compression
add_ResourceResolve
ToArray
Create
HashAlgorithm
ComputeHash
CompressionMode
Dispose
MemberInfo
get_Module
get_MetadataToken
ResolveSignature
GetExecutingAssembly
GetCurrentMethod
.cctor
FieldInfo
ConstructorInfo
DynamicMethod
System.Reflection.Emit
ILGenerator
GetFieldFromHandle
RuntimeFieldHandle
get_FieldType
CreateDelegate
Delegate
SetValue
get_ParameterType
OpCodes
Newobj
OpCode
get_DeclaringType
GetILGenerator
Ldarg_S
get_IsInterface
get_IsArray
MethodInfo
get_ReturnType
Object
get_IsStatic
Castclass
String
get_Chars
Callvirt
IDisposable
GetManifestResourceNames
IndexOf
sender
CompressShell
UInt32
UInt64
STAThreadAttribute
ValueType
Boolean
numBitLevels
Marshal
System.Runtime.InteropServices
SizeOf
TryGetValue
set_Item
MulticastDelegate
ProcessHandle
ProcessInformationClass
ProcessInformation
ProcessInformationLength
ReturnLength
NtQueryInformationProcess
NtSetInformationProcess
hObject
CloseHandle
IsDebuggerPresent
OutputDebugString
Thread
System.Threading
Environment
GetEnvironmentVariable
set_IsBackground
FailFast
ParameterizedThreadStart
get_IsAlive
get_CurrentThread
Debugger
System.Diagnostics
get_IsAttached
IsLogging
thread
lpAddress
dwSize
flNewProtect
lpflOldProtect
VirtualProtect
GetHINSTANCE
IntPtr
op_Explicit
get_FullyQualifiedName
op_Inequality
ConfusedByAttribute
Attribute
SuppressIldasmAttribute
System.Runtime.CompilerServices
___.netmodule
SteamStealer.Properties.Resources.resources
D_FUFW
Confuser v1.9.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
COR_ENABLE_PROFILING
COR_PROFILER
Profiler detected
Loop broken
Debugger detected (Managed)
<Unknown>
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
User.exe
LegalCopyright
OriginalFilename
User.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0



++++++++++++++++


2nd:
hxtp://stearommunity.com/id/OraclE/
VT: https://www.virustotal.com/es/url/3ff2a16e77c157d019881bbde25f77bcd7db34cbbbbdf425a2c8c63badf58c7c/analysis/1417071903/ --> 6/61 Phishing Site


To me it's the same individual or group trying to spread the infection via Steam.

Regards.
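A string-level triage of the dump above, as an added example that is not part of the original post nor of the tools it links (NoFuser, ConfuserDeobfuscator): it pulls ASCII and UTF-16LE runs out of a byte blob and buckets the Confuser markers, the anti-debug/anti-profiler checks and the runtime-decryption APIs the post lists, so the same read that was done by hand here can be repeated on the next .scr. The indicator families, the verdict wording and the embedded sample blob are my own constructions for illustration; the same script serves the Confuser discussion in #632.

```python
import re
from collections import defaultdict

# Indicator families (my own triage grouping, an assumption rather than
# anything the sandbox reports), seeded with strings from the dump above.
INDICATORS = {
    "obfuscator": ["Confuser v", "ConfusedByAttribute",
                   "SuppressIldasmAttribute", "___.netmodule"],
    "anti_debug": ["IsDebuggerPresent", "NtQueryInformationProcess",
                   "NtSetInformationProcess", "OutputDebugString",
                   "Debugger detected", "get_IsAttached", "FailFast"],
    "anti_profiler": ["COR_ENABLE_PROFILING", "COR_PROFILER",
                      "Profiler detected"],
    "runtime_unpack": ["RijndaelManaged", "CreateDecryptor", "DeflateStream",
                       "GetManifestResourceStream", "add_AssemblyResolve",
                       "add_ResourceResolve", "DynamicMethod", "ILGenerator",
                       "VirtualProtect"],
}

# .NET metadata names live in the #Strings heap as 8-bit text; user strings
# (#US heap) and the version/manifest blobs are UTF-16LE, so scan for both.
ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(data):
    """Return printable ASCII and UTF-16LE runs of at least four characters."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return out


def triage_strings(strings):
    """Map each indicator family to the sorted list of needles that matched."""
    hits = defaultdict(set)
    for s in strings:
        for family, needles in INDICATORS.items():
            for needle in needles:
                if needle in s:
                    hits[family].add(needle)
    return {family: sorted(found) for family, found in hits.items()}


def verdict(hits):
    """One-line triage conclusion from the families that fired."""
    families = set(hits)
    if "obfuscator" in families and families & {"anti_debug", "anti_profiler"}:
        return "obfuscated .NET with anti-analysis: deobfuscate before reading IL"
    if "runtime_unpack" in families:
        return "payload likely decrypted at runtime: dump it after it resolves"
    return "no obvious anti-analysis markers"


def triage_blob(data):
    """Convenience wrapper: bytes in, (hits, verdict) out."""
    hits = triage_strings(extract_strings(data))
    return hits, verdict(hits)


# Constructed sample: a fake PE-ish blob carrying a handful of the strings
# from the post, two of them stored as UTF-16LE. Not a real sample.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"mscoree.dll\x00_CorExeMain\x00"
    + b"Confuser v1.9.0.0\x00ConfusedByAttribute\x00"
    + b"IsDebuggerPresent\x00NtSetInformationProcess\x00"
    + b"RijndaelManaged\x00DeflateStream\x00add_AssemblyResolve\x00\x00"
    + "Profiler detected".encode("utf-16-le") + b"\x00\x00"
    + "COR_ENABLE_PROFILING".encode("utf-16-le")
)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits, conclusion = triage_blob(data)
    for family, found in hits.items():
        print(f"{family:15s} {', '.join(found)}")
    print("verdict:", conclusion)
```

Run it with the .scr path as the only argument (or with no argument to see it on the built-in sample). The point of the example is the same one the post makes: Confuser 1.9 leaves its marker, the P/Invoke names of its anti-debug checks and the crypto/compression APIs of its resource loader in cleartext metadata, so a string dump tells you which deobfuscator to reach for before you spend time in a decompiler.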
#634
Good one, Randomize, I hadn't thought of it that way. The bad part is that I still don't quite get him: he wants to kill the AV process, which he can't disable because he's on a network he doesn't control, and at the same time create an exception in the AV :huh:.
If we kill the AV's processes and services, forget about creating an exception; it makes no sense.

There you have another alternative, Zaky.

Regards.
#635
Windows / Re: a network folder that is impossible to delete
23 November 2014, 04:20 AM
Did you try the GParted ISO?
It may work for you; there you'll be able to see hidden partitions and delete them.

http://gparted.org/download.php

Regards.
#636
Security / Re: Problem with Flash Player
23 November 2014, 03:11 AM
Apart from the LiveCDs, did you try running the tools in Safe Mode?
Check which programs start with Windows; you can upload a HijackThis log so we can see what's going on.

Here are more tools, in case you need something specific:

http://foro.elhacker.net/seguridad/guia_rapida_para_descarga_de_herramientas_gratuitas_de_seguridad_y_desinfeccion-t382090.0.html

Regards.
#637
The Ploutus malware was the one they slipped in through the CD drive on ATMs in Mexico.
I don't know whether they're the same people.

Regards.
#638


Unless we are human supercomputers, remembering passwords is not an easy task, and even less so if you have a different password for every site. But luckily, to make the whole process easy, there is a growing market for password managers which provide an extra layer of protection. Wait! Wait! Seriously??

Security researchers have discovered a new variant of the data-stealing Citadel Trojan program, used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which will make you think twice before using one.

The Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading as legitimate banking sites when victims open them in their local browser, which is also known as a man-in-the-browser attack.

The malware has previously targeted users' credentials stored in the password management applications included in popular Web browsers; however, third-party password managers have typically not been targeted by the attackers.

But researchers at IBM Trusteer noted that the configuration file of the notorious malware had been modified to activate a keylogger when users opened either Password Safe or KeePass, two open-source password managers. It is designed to steal the "Master Password" that protects access to the database of the end-user's passwords.

Quote: "Password management and authentication programs are important solutions that help secure access to applications and Web Services," Dana Tamir, director of enterprise security at Trusteer, wrote on IBM's Security Intelligence blog.

    "If an adversary is able to steal the master password and gains access to the user/password database of a password management solution or compromise authentication technology, the attacker can gain unfettered access to sensitive systems and information."

In addition, the new Citadel variant also targets the enterprise authentication solution Nexus Personal Security Client used to secure financial transactions and other services that require heightened security, according to research from data-protection company IBM Trusteer.

Once the malware has infected a computer, it waits until one of the configured processes is launched. The malware then logs keystrokes to steal the master passwords, giving cybercriminals complete control over the machine and over every online account of the victim protected by that password manager.

The Citadel Trojan has been in existence since 2011 and has already compromised millions of computers around the world. According to the security researchers, Citadel is "highly evasive and can bypass threat detection systems."

    "[The Citadel variant] might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions," reads the blog.

In June last year, the tech giant Microsoft along with the FBI and financial services companies launched a "takedown" operation against Citadel botnets, which had stolen more than $500 million from bank accounts over the past 18 months. At the time, the group claimed it disrupted more than 90% of Citadel botnets.

Info: http://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/#.VG8L2YuUeT0

Source: http://thehackernews.com/2014/11/new-citadel-trojan-targets-your.html
#639


The self-styled "hacker" group Derp, also known as DerpTrolling, published a database with thousands of leaked gamer usernames and passwords, a "very small portion" of credentials, as a "warning" to the companies. The data belongs to accounts on three large networks used by gamers: PSN, 2K Game Studios and Windows Live.

As CNET reports, the leaked database, published on Pastebin, includes usernames and passwords for 2,131 PlayStation Network (PSN) users, 1,473 Windows Live users, and 2,000 2K Game Studios users.

DerpTrolling is the same group that claims the DDoS attacks on Blizzard's servers over the past weekend, and also the same one that recently said in an interview that it would not leak any more user data; but apparently they have changed tactics on the premise that their efforts have not been taken seriously.

The goal, they say, is for the leaked information to serve as a warning to the companies so that they improve and update their servers, so that incidents like these stop happening, information is properly safeguarded, and DDoS attacks (Distributed Denial of Service) are prevented.

Although the published database is not very large, and many of the credentials no longer work (as IBTimes UK confirmed), the group has said, and has also posted on its Twitter account, that it holds information on 500,000 credit cards, 7 million usernames and passwords, 2 million Comcast accounts, 1.7 million EA accounts, 620,000 Twitter accounts, 3 million Facebook accounts, and more.

Below we can see some of DerpTrolling's tweets on the subject and the news of the DDoS attack on Blizzard:

Read the full story:

http://www.welivesecurity.com/la-es/2014/11/21/derptrolling-filtra-credenciales-psn-windows-live/

http://www.cnet.com/news/derptrolling-leaks-psn-2k-windows-live-customer-logins/

PS: I deleted the thread by mistake while looking at a similar story on the blog, sorry!!!

Regards.
#640




Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world.

This free-of-charge anti-surveillance tool, called Detekt, is an open source software app released in partnership with Human rights charity Amnesty International, Germany's Digitale Gesellschaft, the Electronic Frontier Foundation (EFF) and Privacy International, in order to combat government surveillance.

NEED AN EYE FOR AN EYE
The global surveillance carried out by the US National Security Agency (NSA) and other government agencies, recently disclosed by the former NSA contractor Edward Snowden, shed light on just how far our own governments can go to keep track of citizens, whether innocent or otherwise. Therefore, such a tool will help them see if their devices have been infected by any spyware.

Detekt was developed by security researcher Claudio Guarnieri, who has been investigating government abuse of spyware for years and often collaborates with other researchers at University of Toronto's Citizen Lab.

    "It was intended as a triaging utility for human rights workers travelling around. It is not an AV [AntiVirus]," explained the developer Claudio Guarnieri in an online discussion about the tool on Twitter with other security researchers.

With the help of the Detekt scanning tool in investigations, Guarnieri and his colleagues discovered, for example, that the Bahraini government used FinSpy, surveillance spyware developed by the German firm FinFisher. Among other things, the FinSpy software has the ability to monitor Skype conversations, take screenshots and photos using a device's camera, record microphone use, emails and voice-over-IP, and extract files from hard disks.

Moreover, Guarnieri's team also found that the Ethiopian government spied on journalists and activists in the U.S. and Europe, using software developed by Hacking Team, another company that sells off-the-shelf surveillance tools, and by similar companies.

    "Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists' private emails and remotely turn on their computer's camera or microphone to secretly record their activities," Amnesty head of military, security and police Marek Marczynski said in a statement. "They use the technology in a cowardly attempt to prevent abuses from being exposed."

    "Detekt is a simple tool that will alert activists to such intrusions so they can take action. It represents a strike back against governments who are using information obtained through surveillance to arbitrarily detain, illegally arrest and even torture human rights defenders and journalists."

DOWNLOAD DETEKT ANTI-SURVEILLANCE TOOL

https://resistsurveillance.org

You can Download Detekt here:

https://github.com/botherder/detekt/releases/download/v1.6/detekt.exe

Source: https://github.com/botherder/detekt/archive/v1.6.zip

Github: https://github.com/botherder/detekt/releases/tag/v1.6

Detekt, for now, has been designed for Windows PC users to scan their machines for known surveillance spyware that its developers warn is used to target and monitor specifically human rights defenders and journalists across the globe. The tool is not yet supported on the 64-bit version of Windows 8.1.

Detekt scans computers for infection patterns associated with several families of remote access Trojans (RATs) including DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, FinFisher FinSpy, HackingTeam RCS, ShadowTech RAT and Gh0st RAT.

    "If Detekt does not find anything, this unfortunately cannot be considered a clean bill of health," the Detekt software's Readme file warns.

The tool can make you aware of the presence of spyware, but it is by no means 100 percent effective, and it can't detect all types of spyware. So the human rights group is encouraging software developers to contribute to the project.

Source: http://thehackernews.com/2014/11/detekt-free-anti-malware-tool-to-detect_20.html