Microsoft offers in-depth analysis of FinFisher

Mar 6, 2018 06:38 GMT

Microsoft published an in-depth analysis of one of the forms of malware detected and blocked by Windows Defender last year, revealing that it was mostly used by governments for surveillance purposes.

Used by NEODYMIUM, FinFisher, also known as FinSpy and detected by Microsoft as Wingbird, is a government-grade surveillance spyware that uses complex tactics to evade antivirus protection and avoid being caught by security researchers for closer inspection.

“FinFisher is not afraid of using all kinds of tricks, ranging from junk instructions and ‘spaghetti code’ to multiple layers of virtual machines and several known and lesser-known anti-debug and defensive measures. Security analysts are typically equipped with the tools to defeat a good number of similar tricks during malware investigations,” Microsoft explains.

In its technical analysis of the malware, Microsoft explains that FinFisher typically spreads with the help of Word documents that include code for infecting systems.

Windows 7 systems exposed

While no details have been provided on who exactly used it, Microsoft says that Windows 10 customers were protected thanks to built-in security solutions, adding that Windows 10 S devices aren’t vulnerable to such malware since Win32 software isn’t allowed.

The goal was to steal information, the software giant says, and some variants of the malware also include an MBR rootkit, although in this case its purpose isn’t very clear. There’s a chance, however, that these versions of the malware are specifically aimed at older versions of Windows.

Of course, Redmond uses this occasion to emphasize that Windows 7 isn’t protected, and the company points out that only machines running Windows 10 and taking advantage of features like UEFI and Secure Boot are secure against such attacks.

Windows 7 will reach the end of support in January 2020, so it’s essential for both home users and enterprises to upgrade their systems to Windows 10 as soon as possible to prevent such malware from compromising their systems.