Recently an underworld firm known as Hacking Team was itself hacked by another hacker, who got away with hundreds of gigabytes of stolen data. These 400 gigabytes of stolen data were later dumped on GitHub. Analysis of the data has revealed many eye-opening secrets. Hacking Team provided specialized services that relied on vulnerabilities in many operating systems and on hacking tools the firm developed itself. Over the years, these tools have infected a multitude of users on various platforms. Rook Security, a security firm that analyzed the data, has identified some of the tools that Hacking Team frequently used to infiltrate and control a victim’s computer.
Rook Security has now published a list of all these binary files, along with their MD5, SHA-1 and SHA-256 hashes, online. They have also released a tool called Milano (perhaps because Hacking Team is an Italy-based firm). You can run Milano on your Windows PC to detect the malicious files linked to Hacking Team. Milano does this by matching the known malicious file hashes against the files on your computer.
Milano asks whether you want to perform a quick scan or an in-depth scan. Start with a quick scan; if something is detected, you can follow up with the deep scan. It also asks for the default Windows folder path. It then goes through your file system, calculating file hashes and matching them against the known Hacking Team file hashes. The quick scan may take 4-5 minutes, and the deep scan takes even longer.
At the end, it reports whether it has encountered any files whose MD5 hash matches one of those from Hacking Team. These files are displayed in four categories: A, B, C and D. The files under A are known to be malicious by VirusTotal. The files under B were manually analyzed by Rook Security and found to be malicious. The files under C were used in one of Hacking Team's projects. The files under D are not known to be malicious, or their intention is not known at the moment.
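The Python example below is added here to show the hash-matching approach described above; it is not Milano's code and does not come from Rook Security. The indicator list, the file names and the category assigned to the sample are constructed for the demo, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests, reading the file in chunks."""
    hashers = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers:
                h.update(chunk)
    return tuple(h.hexdigest() for h in hashers)

def scan(root, indicators):
    """Walk root and group files whose hash is listed by category.

    indicators maps a lowercase hex digest (any of the three algorithms)
    to a category letter 'A'..'D' as described in the article.
    Returns (hits, unreadable): hits is {category: [paths]}.
    """
    hits = {"A": [], "B": [], "C": [], "D": []}
    unreadable = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = file_digests(path)
            except OSError:
                unreadable.append(path)  # locked or permission-denied file
                continue
            for digest in digests:
                if digest in indicators:
                    hits[indicators[digest]].append(path)
                    break  # one match per file is enough
    return hits, unreadable

def demo():
    """Build a constructed directory and indicator list, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"listed.bin": b"constructed sample 1", "clean.txt": b"harmless"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # Constructed indicator: the MD5 of our own sample, filed under category B.
        indicators = {hashlib.md5(samples["listed.bin"]).hexdigest(): "B"}
        hits, unreadable = scan(root, indicators)
        return {c: [os.path.basename(p) for p in v] for c, v in hits.items()}, unreadable

if __name__ == "__main__":
    print(demo())
```

Files that cannot be opened are returned separately rather than skipped silently, since an unread file is an unchecked file.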
The results of the scan are saved in the last_scan_results.txt file in the same folder as milano.exe. If it finds any suspicious file during the scans, you should contact a professional security advisor and beef up your computer’s security. It may seem a little paranoid, but reinstalling Windows and then your other software from known good sources is not a bad idea.
You can download Rook Milano from https://www.rooksecurity.com/resources/downloads/.