A variant of a Remote Control System (RCS) program software designed to remove malware has been spreading into the Internet lately. The software is known to have been developed by an Italian company, called Hacking Team, and is spreading as an application under the name Linkman – a bookmark manager, created by the German company Outertech.
The tool, called “Detekt” launched last week to give people the opportunity to scan their computers for trade spyware software, used by governments in various countries. According to its developer, Mr. Claudio Guarnieri it has found unknown malware variants already.
RCS is being sold to governments and countries law enforcement all over the world as a tool for legitimate monitoring of their computer networks. Hacking Team claims that its purpose is to scan people’s computers but independent reports show that it’s only being used in countries where human rights are poorly protected. It is not clear how the new RCS sample is reaching its customers, but it continues to go under the name and the logo of Linkman.
The German software company, which actually owns the bookmark manager, stated that the new RCS sample has a certificate under the name of some company called Jagdeependra, while the legitimate copy of the software is Outertech signed. In a Twitter message Outertech advice users who wish to install Linkman, to make sure that they are downloading the correct version of the software. The best way is to visit their web page and get it from there, so to ensure that the files are not infected.
The new “Detekt” tool sample has been uploaded on the VirusTotal web site – a Google subsidiary, analyzing files and URLs for malwares and other virus threats. Only two of the antivirus programs, attached to the site have found the RCS sample malicious though.
The anti-virus software company BitDefender announced to have found three malicious files into their database, certified by Jagdeependra. The certificates appeared to have been revoked by their issuing authority – Comodo – later though.
One of these files appeared to be different from the one Guarnieri has announced, but it’s also using the name and the logo of Linkeman. Its sample sits in Bitdefender’s database from 14th October this year that suggests that the Hacking Team developments are at least a month old.
The third file is even more interesting, suggesting being an NIC Diagnostic Utility – software developed by the Realtek Semiconductor Company. It is still not clear what certificate the file had been using, but a sample of it is sitting in the Virus Total database since October, 13th.