“Pandemic,” as the implants is codenamed, turns file servers into a secret carriers of whatever malware CIA operative want to install, according to document published Thursday by WikiLeaks. When targeted computer attempt to access a file on the compromised servers, Pandemic uses a clever bait-and-switch tactic to surreptitiously deliver malicious version of the requested file. The Trojan is then executed by the targeted computers. A per user manual said Pandemic takes only 15 seconds to be installed. The documents didn’t describe precisely how Pandemic would get installed on a file servers.
Today, June 1st 2017, WikiLeaks publishes document from the “Pandemic” project of the CIA, a persistent implant for Microsoft Windows machines that share files (programs) with remote users in a local networks. “Pandemic” targets remote users by replacing application code on-the-fly with a Trojaned versions if the program is retrieved from the infected machine. To obfuscate its activities, the original file on the file server remains unchanged; it is only modified/replaced while in transit from the pandemic file servers before being executed on the computers of the remote user. The implant allows the replacements of up to 20 programs with a maximum size of 800 MB for a selected list of remote user (targets).
As the name suggest, a single computer on a local networks with shared drives that is infected with the “Pandemic” implants will act like a “Patient Zero” in the spread of a diseases. It will infect remote computers if the user execute program stored on the pandemic file server. Although not explicitly stated in the document, it seems technically feasible that remote computers that provide file share themselves become new pandemic file server on the local network to reach new target.
Today, June 1st 2017, WikiLeaks publishes documents from the “Pandemic” projects of the CIA, a persistent implant for Microsoft Windows machine that share files (programs) with remote users in a local network. “Pandemic” targets remote user by replacing application code on-the-fly with a Trojaned versions if the program is retrieved from the infected machines. To obfuscate its activity, the original file on the file servers remains unchanged; it is only modified/replaced while in transits from the pandemic file servers before being executed on the computer of the remote user. The implant allows the replacements of up to 20 program with a maximum size of 800 MB for a selected list of remote user (targets).
As the name suggests, a single computer on a local networks with shared drives that is infected with the “Pandemic” implant will act like a “Patient Zero” in the spread of a diseases. It will infect remote computer if the user executes program stored on the pandemic file servers. Although not explicitly stated in the documents, it seems technically feasible that remote computer that provide file shares themselves become new pandemic file server on the local network to reach new targets.
Take your time to comment on this article.