Jump to content
Advertise With Us! Or Sign Up To Remove Ads!

Archived

This topic is now archived and is closed to further replies.

Ukshep

WikiLeaks says CIA’s “Pandemic” turns servers into infectious Patient Zero

Recommended Posts

 Ukshep    19,938

WikiLeaks says CIA’s “Pandemic” turns servers into infectious Patient Zero

WikiLeaks just published details of a purported CIA operation that turns Windows file servers into covert attack machines that surreptitiously infect computers of interest inside a targeted network.

“Pandemic,” as the implant is codenamed, turns file servers into a secret carrier of whatever malware CIA operatives want to install, according to documents published Thursday by WikiLeaks. When targeted computers attempt to access a file on the compromised server, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver malicious version of the requested file. The Trojan is then executed by the targeted computers. A user manual said Pandemic takes only 15 seconds to be installed. The documents didn’t describe precisely how Pandemic would get installed on a file server.

In a note accompanying Thursday’s release, WikiLeaks officials wrote:

http://www.govtslaves.com/wikileaks-says-cias-pandemic-turns-servers-into-infectious-patient-zero/

You can see them here.

https://wikileaks.org/vault7/releases/#Pandemic

Pandemic - 1 June, 2017

Today, June 1st 2017, WikiLeaks publishes documents from the "Pandemic" project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local network. "Pandemic" targets remote users by replacing application code on-the-fly with a trojaned version if the program is retrieved from the infected machine. To obfuscate its activity, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file server before being executed on the computer of the remote user. The implant allows the replacement of up to 20 programs with a maximum size of 800 MB for a selected list of remote users (targets).

As the name suggests, a single computer on a local network with shared drives that is infected with the "Pandemic" implant will act like a "Patient Zero" in the spread of a disease. It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.

Possibly hinted at earlier in the day by someone on cop. Search pandemic on cop search if you feel like light entertainment!

Share this post


Link to post
Share on other sites

×