A very Neat tool to have

Phones, Internet, Computers and such.
phuketrichard
Expatriate
Posts: 16851
Joined: Wed May 14, 2014 5:17 pm
Reputation: 5764
Location: Atlantis
Aruba

A very Neat tool to have

Post by phuketrichard »

Detekt is a free tool that scans your Windows computer for traces of known surveillance spyware used to target and monitor human rights defenders and journalists around the world.

https://resistsurveillance.org/#
In a nation run by swine, all pigs are upward-mobile and the rest of us are fucked until we can put our acts together: not necessarily to win, but mainly to keep from losing completely. HST
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Reputation: 3

Re: A very Neat tool to have

Post by BOFH »

Jaap N.
Expatriate
Posts: 904
Joined: Sat May 17, 2014 1:42 pm
Reputation: 10
Netherlands

Re: A very Neat tool to have

Post by Jaap N. »

Does this tool only work with Windows computers? Personally I think a lot of professionals work with Apple iOS, or Ubuntu etc.
frank lee bent
Expatriate
Posts: 11330
Joined: Sat May 17, 2014 4:10 am
Reputation: 2094
United States of America

Re: A very Neat tool to have

Post by frank lee bent »

Before I download: did it find anything on your PC?
Francis
Expatriate
Posts: 1116
Joined: Sun Aug 10, 2014 12:29 am
Reputation: 0
Vietnam

Re: A very Neat tool to have

Post by Francis »

phuketrichard wrote: Detekt is a free tool that scans your Windows computer for traces of known surveillance spyware used to target and monitor human rights defenders and journalists around the world.

https://resistsurveillance.org/#
Thanx a lot for this one, Richard. Just downloaded it, and it's running now..... already got some strange messages, but let's see.

Additional info from the "Detekt" website:

Anti-virus software
EFF recommends that you use anti-virus software on your computer and your smartphone, though we cannot recommend any particular anti-virus products as being superior to others. Anti-virus software can be quite effective at combatting cheap, “non targeted” malware that might be used by criminals against hundreds of targets. However anti-virus software is usually ineffective against targeted attacks, such as the ones used by Chinese government hackers to compromise the New York Times.

Indicator of compromise

When it is not possible to detect malware using anti-virus software, it is still sometimes possible to find indicators of compromise. For example, Google will sometimes give a warning to Gmail users stating that it believes your account has been targeted by state-sponsored attackers. Additionally, you may notice a light indicating that your webcam is turned on when you have not activated it yourself (though advanced malware may be able to turn this off)—this could be another indicator of compromise. Other indicators are less obvious; you may notice your email is being accessed from an unfamiliar IP address or that your settings have been altered to send copies of all of your email to an unfamiliar email address. If you have the ability to monitor your network traffic, the timing and volume of that traffic might indicate a compromise. Another red flag would be that you might notice your computer connecting to a known Command and Control server—the computers that send commands to machines infected with malware or which receive data from infected machines.

How can attackers use malware to target me?

The best way to deal with a malware attack is to avoid getting infected in the first place. This can be a difficult feat if your adversary has access to zero day attacks—attacks that exploit a previously-unknown vulnerability in a computer application. Think of your computer as a fortress; a zero day would be a hidden secret entrance that you do not know about, but which an attacker has discovered. You cannot protect yourself against a secret entrance you don’t even know exists. Governments and law enforcement agencies stockpile zero day exploits for use in targeted malware attacks. Criminals and other actors may also have access to zero day exploits that they may use to covertly install malware on your computer. But zero day exploits are expensive to buy and costly to re-use (once you use the secret tunnel to break into the fortress, it increases the chances that other people may find it). It is much more common for an attacker to trick you into installing the malware yourself.

There are many ways in which an attacker might try to trick you into installing malware on your computer. They may disguise the payload as a link to a website, a document, PDF, or even a program designed to help secure your computer. You may be targeted via email (which may look as if it’s coming from someone you know), via a message on Skype or Twitter, or even via a link posted to your Facebook page. The more targeted the attack, the more care the attacker will take in making it tempting for you to download the malware.

For example, in Syria, pro-Assad hackers targeted members of the opposition with malware hidden in fake revolutionary documents and a fake anti-hacking tool. Iranians have been targeted using malware hidden in a popular censorship-circumvention program. And in Morocco, activists were targeted with malware hidden in a document made to look as if it had been sent by an Al-Jazeera reporter, promising information about a political scandal.

The best way to avoid being infected with this kind of targeted malware is to avoid opening the documents and installing the malware in the first place. People with more computer and technical expertise will have somewhat better instincts about what might be malware and what might not be, but well-targeted attacks can be very convincing. If you are using Gmail, opening suspicious attachments in Google Drive rather than downloading them may protect your computer from infection. Using a less common computing platform, like Ubuntu or ChromeOS, significantly improves your odds against many malware delivery tricks, but will not protect against the most sophisticated adversaries.

Another thing you can do to protect your computer against malware is to always make sure you are running the latest version of your software and downloading the latest security patches. As new vulnerabilities are discovered in software, companies can fix those problems and offer that fix as a software update, but you will not reap the benefits of their work unless you install the update on your computer. It is a common belief that if you are running an unregistered copy of Windows, you cannot or should not accept security updates. This is not true.

What should I do if I find malware on my computer?

If you do find malware on your computer, unplug your computer from the Internet and stop using it immediately. Every keystroke you make may be being sent to an attacker. You may wish to take your computer to a security expert, who may be able to discover more details about the malware. If you’ve found the malware, removing it does not guarantee the security of your computer. Some malware gives the attacker the ability to execute arbitrary code on the infected computer—and there is no guarantee that the attacker has not installed additional malicious software while in control of your machine.

Log into a computer you believe is safe and change your passwords; every password that you typed on your computer while it was infected should now be considered to be compromised.
You may wish to reinstall the operating system on your computer in order to remove the malware. This will remove most malware, but some especially sophisticated malware may persist. If you have some idea of when your computer was infected, you may reinstall files from before that date. Reinstalling files from after the date of infection may re-infect your computer.

Hey, OD...look at the last highlighted sentence. How is this possible ????
And the shark, he has tears
And they run down his face
But the shark lives in the water
So nobody sees the tears

In the deep it is lonely
And so many a tear flows
And that is why the water
In the seas is salty
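The EFF text quoted in the post above lists indicators of compromise that do not depend on anti-virus signatures: a connection to a known command-and-control server, and traffic whose timing and volume look wrong. The following is an added example of checking two of those indicators over a connection log; it is not Detekt's code and not part of the thread. The log lines, the C2 address list, the log layout (`timestamp dst_ip dst_port bytes_out`) and the beaconing thresholds are all constructed for this illustration.

```python
"""Added example: flag two of the indicators the quoted EFF text describes,
a connection to a known command-and-control address and regularly timed
("beaconing") traffic to one destination. Not Detekt's code; the log lines,
the C2 list, the log layout and the thresholds are constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: outbound connections as "date time dst_ip dst_port bytes_out".
# 203.0.113.5 is contacted every five minutes on the dot; the other two
# destinations are one-off connections.
SAMPLE_LOG = """\
2014-11-20 15:00:00 203.0.113.5 443 512
2014-11-20 15:05:00 203.0.113.5 443 498
2014-11-20 15:10:00 203.0.113.5 443 530
2014-11-20 15:10:07 198.51.100.20 80 1200
2014-11-20 15:15:00 203.0.113.5 443 501
2014-11-20 15:20:00 203.0.113.5 443 520
2014-11-20 15:21:40 192.0.2.99 443 64
"""

# Constructed stand-in for a threat feed of known C2 addresses.
KNOWN_C2 = {"192.0.2.99"}


def parse_log(text):
    """Turn each log line into (datetime, dst_ip, dst_port, bytes_out)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, ip, port, nbytes = line.split()
        events.append((datetime.fromisoformat(f"{date} {clock}"),
                       ip, int(port), int(nbytes)))
    return events


def known_c2_hits(events, c2_set):
    """Connections whose destination is on the C2 list: the plainest indicator."""
    return [e for e in events if e[1] in c2_set]


def beaconing_hosts(events, min_connections=4, max_jitter=0.1):
    """Destinations contacted at near-constant intervals.

    Jitter is the standard deviation of the gaps between connections divided
    by their mean. Malware checking in on a timer produces very low jitter;
    a person browsing a site does not. Returns {(ip, port): mean_gap_seconds}.
    """
    by_dst = defaultdict(list)
    for ts, ip, port, _ in events:
        by_dst[(ip, port)].append(ts)
    flagged = {}
    for dst, times in by_dst.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[dst] = round(avg)
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("known C2 hits:", known_c2_hits(evts, KNOWN_C2))
    print("beaconing:", beaconing_hosts(evts))
```

The beaconing check is the one worth tuning on real data: legitimate software (update checks, mail polling) also connects on a timer, so a low-jitter destination is a lead to investigate, not a verdict on its own.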
Francis
Expatriate
Posts: 1116
Joined: Sun Aug 10, 2014 12:29 am
Reputation: 0
Vietnam

Re: A very Neat tool to have

Post by Francis »

Hey OD.....I have here a preliminary report of this program. It says:

2014-11-20 15:35:41,214 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 15:35:41,214 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 15:35:41,214 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'The handle is invalid.')
2014-11-20 15:35:41,339 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 15:35:41,417 - detector - INFO - Service started

WinPMEM is a kernel mode driver for gaining access to physical memory. So that would be spyware, isn't that the case? If the program is trying to stop and delete winpmem, doesn't that mean that it is there (the program I mean) ??????
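The log lines in the post above are worth reading structurally rather than word by word: every entry is `timestamp - logger - LEVEL - message`, and the stop/delete/start lines all concern the winpmem service, which the thread itself notes Detekt uses to read memory. Below is an added example (not Detekt's code, not from the thread) that parses lines in that format and separates entries about the tool's own driver from anything that could be a finding. The line format is taken from the quoted lines; the allowlist of tool components and the level-based rule for findings are assumptions made for this illustration.

```python
"""Added example: parse 'timestamp - logger - LEVEL - message' log lines in the
format quoted in the thread and tell the scanner's own driver housekeeping
apart from anything that would be a finding. Not Detekt's code; the list of
tool components and the finding rule are assumptions."""
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?P<ms>\d{3}) - "
    r"(?P<logger>[\w.]+) - (?P<level>[A-Z]+) - (?P<msg>.*)$"
)
SERVICE_RE = re.compile(
    r"Trying to (?P<action>stop|delete|start) the (?P<svc>\w+) service"
)

# Assumption for this example: the thread states that Detekt relies on
# winpmem to read memory, so an entry about that service is the tool
# managing its own driver, not something it found.
TOOL_SERVICES = {"winpmem"}

# The five lines quoted in the post above, used here as sample input.
SAMPLE = """\
2014-11-20 15:35:41,214 - detector.service - INFO - Trying to stop the winpmem service...
2014-11-20 15:35:41,214 - detector.service - INFO - Trying to delete the winpmem service...
2014-11-20 15:35:41,214 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'The handle is invalid.')
2014-11-20 15:35:41,339 - detector.service - INFO - Trying to start the winpmem service...
2014-11-20 15:35:41,417 - detector - INFO - Service started
"""


def parse(text):
    """One dict per well-formed line, with ts, ms, logger, level and msg."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def service_actions(records):
    """(action, service, belongs_to_tool) for each service lifecycle line, in order."""
    out = []
    for r in records:
        m = SERVICE_RE.search(r["msg"])
        if m:
            out.append((m["action"], m["svc"], m["svc"] in TOOL_SERVICES))
    return out


def levels(records):
    """How many entries were logged at each level."""
    counts = {}
    for r in records:
        counts[r["level"]] = counts.get(r["level"], 0) + 1
    return counts


def possible_findings(records):
    """Entries at WARNING or above that do not mention a tool component.

    Assumption: Detekt's wording for an actual match is not quoted in the
    thread, so this rule keys on log level rather than on message text.
    """
    return [r for r in records
            if r["level"] in {"WARNING", "ERROR", "CRITICAL"}
            and not any(svc in r["msg"] for svc in TOOL_SERVICES)]


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(levels(recs))
    print(service_actions(recs))
    print("possible findings:", possible_findings(recs))
```

Run over the quoted lines, every service action is about a tool component, nothing is logged above INFO, and the one DEBUG line is a failed cleanup of a service handle from a previous run rather than a detection.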
Username Taken
Raven
Posts: 13928
Joined: Mon May 19, 2014 6:53 pm
Reputation: 6003
Cambodia

Re: A very Neat tool to have

Post by Username Taken »

Relax Francis,
Detekt is a Python tool that relies on Yara, Volatility and Winpmem to scan the memory of a running Windows system (currently supporting Windows XP to Windows 8 both 32 and 64 bit and Windows 8.1 32bit).

Detekt tries to detect the presence of pre-defined patterns that have been identified through the course of our research to be unique identifiers that indicate the presence of a given malware running on the computer.
https://github.com/botherder/detekt
OrangeDragon
Site Admin
Posts: 4193
Joined: Fri May 02, 2014 8:05 pm
Reputation: 17
United States of America

Re: A very Neat tool to have

Post by OrangeDragon »

[meanwhile, it installs a government tracker on your system... and fails to report it... lol]


*disclaimer, I don't know or have any real reason to believe this... it's a joke.
Francis
Expatriate
Posts: 1116
Joined: Sun Aug 10, 2014 12:29 am
Reputation: 0
Vietnam

Re: A very Neat tool to have

Post by Francis »

OrangeDragon wrote:[meanwhile, it installs a government tracker on your system... and fails to report it... lol]


*disclaimer, I don't know or have any real reason to believe this... it's a joke.
Very funny OD, very funny.......I love you computer freaks.

BTW.....you haven't answered this one: You may wish to reinstall the operating system on your computer in order to remove the malware. This will remove most malware, but some especially sophisticated malware may persist.

If I reinstall the OS how is it possible that some malware persists ????
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Reputation: 3

Re: A very Neat tool to have

Post by BOFH »

Jaap N. wrote:Personally I think a lot of professionals work with Apple IOS, or Ubuntu etc.
Apple OS X and Ubuntu are spyware:

http://arstechnica.com/information-tech ... -searches/
http://arstechnica.com/security/2014/10 ... arch-data/
OrangeDragon wrote:*disclaimer, I don't know or have any real reason to believe this... it's a joke.
For what it's worth, it's Amnesty:

http://www.theguardian.com/world/2014/n ... or-spyware
Francis wrote: If I reinstall the OS how is it possible that some malware persists ????
Rootkits, bootkits, etc. Depending on whether this is signature-based, classic undetection methods may still apply.

https://en.wikipedia.org/wiki/Rootkit
https://support.kaspersky.com/viruses/solutions/2727
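Two points in this thread come down to the same mechanism: Username Taken's quote from the Detekt README (it scans memory for pre-defined patterns that identify a given piece of malware) and BOFH's remark that signature-based detection can still be evaded. The following added example shows that mechanism without YARA: a rule is a set of named byte strings plus a condition over which of them must be present, and it is run over buffers standing in for a memory image. The rule, the strings, the condition and the three sample buffers are all constructed for this illustration; this is not Detekt's code, its rules or its wording.

```python
"""Added example: YARA-style signature matching of the kind Detekt's README
(quoted in this thread) describes, without the yara library. Also shows the
limitation behind the 'signature based' remark: a variant with altered
bytes is not matched. The rule, strings and buffers are constructed."""

# Constructed rule in the spirit of a YARA rule: a name, named byte strings,
# and a condition over the match lists. Nothing here is a real malware marker.
RULE = {
    "name": "constructed_example_rat",
    "strings": {
        "$config": b"C2HOST=",
        "$mutex": b"Global\\ExampleRatMutex",
        "$cmd": b"!exec ",
    },
    # Require the config marker plus at least one of the other two.
    "condition": lambda hits: bool(hits["$config"] and (hits["$mutex"] or hits["$cmd"])),
}


def find_all(buf, pattern):
    """Offsets of every occurrence of pattern in buf (overlapping allowed)."""
    offsets, start = [], 0
    while True:
        i = buf.find(pattern, start)
        if i < 0:
            return offsets
        offsets.append(i)
        start = i + 1


def scan(buf, rule):
    """Match report {rule, strings: {name: [offsets]}} or None if the condition fails."""
    hits = {name: find_all(buf, pat) for name, pat in rule["strings"].items()}
    if not rule["condition"](hits):
        return None
    return {
        "rule": rule["name"],
        "strings": {name: offs for name, offs in hits.items() if offs},
    }


def scan_all(images, rule):
    """Run one rule over several labelled buffers."""
    return {label: scan(buf, rule) for label, buf in images.items()}


# Constructed stand-ins for memory images.
CLEAN = b"\x00" * 64 + b"Hello world, nothing to see here" + b"\x00" * 64
INFECTED = (b"\x00" * 32 + b"C2HOST=203.0.113.5\x00" + b"\x90" * 16
            + b"Global\\ExampleRatMutex\x00" + b"\x00" * 32)
# Same layout, but the author changed one character of each marker string;
# the behaviour would be unchanged, the signature no longer fires.
VARIANT = (b"\x00" * 32 + b"C2H0ST=203.0.113.5\x00" + b"\x90" * 16
           + b"Global\\ExampleRatMutx\x00" + b"\x00" * 32)

if __name__ == "__main__":
    for label, report in scan_all(
        {"clean": CLEAN, "infected": INFECTED, "variant": VARIANT}, RULE
    ).items():
        print(label, "->", report)
```

The condition is where a rule author trades false positives against misses: requiring several independent markers keeps a single coincidental string from triggering, but every marker the rule depends on is one more byte sequence an attacker can alter. That is the gap BOFH points at, and it is why a tool like this is described as finding known spyware rather than proving a machine clean.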