The Shadow Brokers are back at it! A while back the group released a bunch of exploits, and have come back with even more goodies. Now they are selling a whole new portion of tools dubbed, “Equation Group Windows Warez.” This bundle includes exploits for Windows and bypassing most anti-virus systems, stolen from the NSA linked “Equation Group.”
For those unfamiliar with the Shadow Brokers, they are a group of black hat hackers, who leaked exploits, security vulnerabilities, and “powerful espionage tools” created by The Equation Group in August of 2016. This past Saturday, January 7th 2017, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire “Windows Warez” collection for 750 Bitcoin (US$678,375 at the time this article was written).
I have previously stated in my prior articles, Disintegration of Your Right to Privacy, and Free(dom) Software: Why Your PC should have Liberty that Microsoft software is rather insecure to be using, and should not be trusted at all with your privacy. This is due to the fact Microsoft willingly sits on exploits and hands them to the NSA and other agencies, waiting for months at a time for individuals to have the holes in their computers patched — which is highly unethical, because it leaves millions open to attack from malicious actors, including some from the state itself. This latest leak only serves to further reinforce the points established in the two articles regarding the weaknesses of proprietary software, seeing as the data dump contains many windows cracking tools, categorized as the following:
- Fuzzing tools (used to discover errors and security loopholes)
- Exploit Framework
- Network Implants
- Remote Administration Tools (RAT)
- Remote Code Execution Exploits for IIS, RDP, RPC, and SMB Protocols (Some Zero-Days)
- SMB BackDoor (Implant)
But most interesting of them all was the Remote Administration Tool (RAT) dubbed, “DanderSpritz” revealed by Edward Snowden in previously released documents.
Jacob Williams, a malware researcher, found tools may also include a Fully Undetectable Malware (FUD) toolkit. This was after he looked through the screenshots and “the output of the find command across the dump” provided by the black hat group as proof of its legitimacy.
The apparent FUD toolkit has the ability to “evade/bypass personal security products,” as seen in the screenshot above the products listed are, Avast, Avira, Comodo, Dr. Web, Kaspersky, McAfee, Microsoft Security Essentials, Eset, Panda, Symantec, and Trend Micro.
Any potential buyers can now freely purchase the toolkit used by the Equation Group to help breach foreign intelligence around the world now.