Wikileaks Vault 7: Pandemic or Pandemic

Pandemic: WikiLeaks was released new documents in the Vault 7 series. This time it details a tool the CIA uses to spread malware on targeted organizations, services, or companies.

It is called a "pandemic," or "Pandemic," and can install a filter driver on the file system on a network, replacing legitimate files with malicious remote load via the SMB (Server Message Block) protocol.

"The pandemic does NOTHING change to the target file on disk. The targeted file on the Pandemic system is installed and remains unchanged. Targeted users with Pandemic use SMB to download the targeted file, with the “Replacement file,” the tool description says.P

This makes this tool very interesting since it is particularly difficult to locate the infected systems. Pandemic replaces the files during transfer instead of modifying them on the device, so the legitimate file remains unchanged.

Pandemic is a tool designed to work on Windows 32 and 64 bit systems and is initially installed on machines from which users download and execute remote files. The files released by WikiLeaks show that up to 20 files can be replaced each time, with a maximum size of 800 Mb.

"It simply came to our notice then , a single computer on a local area network with shared disks that is infected with the Pandemic implant will function as the patient zero in on the spread of a disease. It will infect remote computers if the user runs programs. ”

The documents explicitly state that it is technically possible, "remote computers that provide file shares are automatically converted to new Pandemic file servers on a local network to achieve infections on new targets," WikiLeaks reported.

The new leaks contain information, even about how to test if a system is infected by Pandemic.

Please be reminded that Wikileaks released documents in the Vault 7 series from 7 March, exposing more and more CIA hackers.

"Year Zero"The CIA is using popular hardware and software.
"Weeping Angel"The spying tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
"Dark Matter"Exploits targeting iPhones and Mac.
"MarbleThe source code of a secret anti- . It is essentially an obfuscator used by the CIA to hide the real source of malware.
"Grasshopper"A framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.

"Archimedes"- a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles” a piece of software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena:is designed to be able to gain complete control over infected Windows computers by allowing the CIA to perform many functions on the target machine, such as data deletion or malware installation, data theft, and mission to CIA servers.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).