Binary Protectors Blog

Peace Of Mind Isn’t Priceless.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form
Subscribe to this list via RSS Blog posts tagged in New CIA Tools Hacks
CIA Tool Hacks Windows Computers Silently over the Internet

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.

Codenamed Pandemic, the tool is a persistent implant for Microsoft Windows machines that share files with remote users on a local network.

The documents leaked by the whistleblower organisation date from April 2014 to January 2015.

According to WikiLeaks, Pandemic infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software.

"Pandemic is a tool which is run as kernel shellcode to install a file system filter driver," a leaked CIA manual reads. "The filter will 'replace' a target file with the given payload file when a remote user accesses the file via SMB (read-only, not write)."


'Pandemic' Turns File Servers into 'Patient Zero'

Once compromised, the infected Windows file server acts as a "Patient Zero" – the first identified carrier of any communicable disease during an outbreak – which is then used to deliver infections on machines inside the network.

Now, whenever any targeted computer attempts to access a file on the compromised server, Pandemic intercepts the SMB request and secretly delivers a malicious version of the requested file, which is then executed by the targeted computer.

According to the user manual, Pandemic takes only 15 seconds to be installed on a target machine and can replace up to 20 legitimate files (both 32-bit and 64-bit files) at a time with a maximum file size of 800MB.

Since the tool has been specifically designed to infect corporate file sharing servers and turns them into a secret carrier for delivering malware to other persons on the target network, it has been named Pandemic.'

Peace Of Mind Isn’t Priceless.


Alex Athineos,
The Hacking News

Tagged in: New CIA Tools Hacks
Hits: 2982