Cybersecurity

WIKILEAKS DUMPS CIA PATIENT ZERO WINDOWS IMPLANT

WikiLeaks on Thursday made public a CIA implant that is used to turn a Windows file server into a malware distribution point on the local network.

The documents describing the tool, Pandemic, explain how remote machines on the local network trying to download and-or execute documents from the file server over SMB are infected with “replacement” documents on the fly. The implant swaps out the document with a Trojanized version while it’s in transit, never touching the original document on the file server.

The documentation that was leaked yesterday spans from January 2014 to April 2014 and is for versions 1.0 and 1.1.

The leaks are just the latest CIA tools to be dumped on the internet by the polarizing whistleblower outfit, which has for every Friday since March—save last week—put CIA documents and attacks online for public consumption.