1 June, 2017
Today, June 1st 2017,
WikiLeaks publishes documents from the "Pandemic" project of the CIA,
a persistent implant for Microsoft Windows machines that share files (programs)
with remote users in a local network. "Pandemic" targets remote users
by replacing application code on-the-fly with a trojaned version if the program
is retrieved from the infected machine. To obfuscate its activity, the original
file on the file server remains unchanged; it is only modified/replaced while
in transit from the pandemic file server before being executed on the computer
of the remote user. The implant allows the replacement of up to 20 programs
with a maximum size of 800 MB for a selected list of remote users (targets).
As the name suggests, a single
computer on a local network with shared drives that is infected with the
"Pandemic" implant will act like a "Patient Zero" in the
spread of a disease. It will infect remote computers if the user executes
programs stored on the pandemic file server. Although not explicitly stated in
the documents, it seems technically feasible that remote computers that provide
file shares themselves become new pandemic file servers on the local network to
reach new targets.
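A defensive check that follows from the behaviour described above, as an added example that is not taken from the leaked documents or the original post: because the file on the server's disk stays unchanged and only the copy delivered over the share differs, hashing the file locally on the server and again as read through the share exposes a replacement. The function names are hypothetical. The sketch assumes the manifest reaches the client out of band, and that verification runs from the clients that normally use the share, since the text says replacement applies only to a selected list of remote users.

```python
import hashlib
from pathlib import Path


def read_digest(path, chunk_size=1 << 20):
    """Return (bytes_read, sha256) from the bytes actually delivered, not directory metadata."""
    digest, total = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            total += len(chunk)
    return total, digest.hexdigest()


def build_manifest(local_root, patterns=("*.exe", "*.dll")):
    """Run ON the file server, against the local directory behind the share."""
    root = Path(local_root)
    manifest = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file():
                size, sha256 = read_digest(path)
                manifest[path.relative_to(root).as_posix()] = {"size": size, "sha256": sha256}
    return manifest


def verify_manifest(manifest, share_root):
    """Run ON a client, against the share path (for example a UNC path or mapped drive)."""
    root = Path(share_root)
    findings = []
    for rel, expected in sorted(manifest.items()):
        path = root / rel
        if not path.is_file():
            findings.append((rel, "missing"))
            continue
        size, sha256 = read_digest(path)
        if (size, sha256) != (expected["size"], expected["sha256"]):
            # The server-side copy hashed differently from what the client received.
            findings.append((rel, "content-mismatch"))
    return findings
```

An empty result from one client says nothing about other clients, so the comparison is only meaningful when repeated from each machine that executes programs from the share.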
Leaked Documents