Sergey Golovanov, Kaspersky Lab
Denis Maslennikov, Kaspersky Lab
FinFisher, a.k.a. FinSpy, is a spying complex for various platforms, developed by a British company called Gamma International. The company is based in Andover, UK, and according to its website it is focused on creating remote monitoring solutions for various government institutions.
Da Vinci can be described in the same way: a multi-platform spying complex. It is developed and supported by Hacking Team, an Italian company based in Milan. According to its website, the company is focused on providing offensive technologies to law enforcement agencies and intelligence communities.
Between them, Gamma International and Hacking Team have already developed and sold to third parties a number of backdoors and spying tools for different platforms such as Windows, Mac OS X, Windows Mobile, Android, BlackBerry and others. All the samples we've seen so far would be classified as malicious from an AV vendor's point of view: they work silently and leave almost no traces; they are able to steal many types of personal information; they can receive commands and execute them; they are signed by trusted certificates or have the ability to self-propagate; and there is no EULA shown before, during or after 'installation' :-)
This presentation will cover all known and unknown details about different versions of Da Vinci and FinSpy. We will expose all the similarities and differences between them. We will also discuss the 'business-to-government' malware market, which became a reality in 2012 and continues to be discussed in 2013. If you like IDA screenshots, black consoles, maps and photos, then this paper and presentation are for you!
VB2013 takes place 2-4 October 2013 in Berlin, Germany.