\u201cPhineas Fisher\u201d aka @GammaGroupPR, a parody Twitter account of the Gamma Group that specializes in FinFisher spyware, certainly knows how to snag attention. Its very first tweet\u00a0announced, \u201cHere at Gamma International, we've run out of governments to sell to, so we're opening up sales to the general public!\u201dHere at Gamma International, we've run out of governments to sell to, so we're opening up sales to the general public!\u2014 Phineas Fisher (@GammaGroupPR) August 3, 2014Then come the links to leaked FinFisher documents stored in Dropbox, including a product brochure featuring FinFisher\u2019s selection of monitoring software and capabilities (pdf), user manual with troubleshooting tips for setting up a FinSpy server, price list, release notes for FinSpy Mobile 4.51, and another document that spells out how well the spyware does on Windows Mobile devices.WikiLeaks Spy Files first released documents detailing FinFisher in 2011. Citizen Lab research from 2012 showed how the sneaky FinFisher surveillance had gone mobile. The leaked documents via @GammaGroupPR are the newest, with some dated April 2014.Spyware, Trojan\u2026you can call FinFisher whatever you want, but it\u2019s malware meant to surreptitiously monitor targets. As malware, you would hope that antivirus solutions would detect and block it. Here\u2019s a screenshot showing how \u201c@avast_antivirus was irresponsibly interfering with law enforcement investigations by detecting FinSpy 4.50.\u201d Thanks to @GammaGroupPR, you can see the extended test results, dated on April 2014, for the 35 antivirus products that detect FinFisher products on Windows XP, Windows 7 and Windows 8.Although the HotFix release notes for FinSpyPC 4.51 (pdf) discuss OS X and Linux, since this is the Microsoft Subnet, here\u2019s what it says about Windows as the target: Gamma InternationalIn red text, it specifies that the Trojan was adapted so it would avoid detection by Microsoft Security Essentials and Avast antivirus. In other words, Microsoft and Avast had been working to block the spyware. Microsoft\u2019s Skype had also notified users via a popup before tweaks were made so FinSpyPC would fly under the radar.Other tidbits from the user manual include that FinSpy can't run without Microsoft .NET Framework being installed on Windows machines. The "Trust Center" settings must be changed in Microsoft Office for Word 2003 or 2007; \u201cif not, FinSpy Agent will not be able to infect Microsoft Word (.doc) documents.\u201d Another limitation deals with the Windows 8 Metro version of Skype, which is not supported.Here\u2019s a sample of what it would look like to analyze the data of a FinSpy target, but other screenshots show how an \u201cagent\u201d can add comments on the \u201cScreen Recording\u201d such as \u201cMSN conversation which might prove subject involvement in case.\u201dYet another description from the user manual about FinSpy modules claims that accessing file, changing files, command shell, deleted files, file access, forensic tools, keylogger, microphone, printer, scheduler, Skype, screen and webcam as well as VoIP all work with Microsoft Windows. Only a few also work with OS X and Linux.Below are the supported platforms, according to the release notes for FinSpy Mobile 4.51:\u201cWe've taken down our website at http:\/\/finsupport.finfisher.com\/ while we investigate rumors that it may have been hacked,\u201d @GammaGroupPR, tweeted yesterday, before the next tweet added, \u201cHope our customers' data is safe.\u201dIt\u2019s unknown if that is true; if FinFisher (government) customers\u2019 names or sensitive info were leaked, that would be a nasty break, huh?