‘Pandemic’ reveals the role of a persistent implant for Microsoft Windows file servers, accessed by remote machines to run programs, according to a statement from WikiLeaks.
The project acts as a ‘Patient Zero’ – a term used to describe the first identified carrier of a communicable disease during an outbreak.
— RT (@RT_com) May 12, 2017
‘Pandemic’ disguises itself on the infected source machine where the targeted files remain unchanged.
It’s modified when in transit from the source file server to the remote machine. When executed on the new machine ‘Pandemic’ will install the program, an iteration of which will now contain modified code.
‘Pandemic’ can replace up to 20 programs, with a maximum size of 800MB.
— WikiLeaks (@wikileaks) June 1, 2017
According to WikiLeaks “a single computer on a local network with shared drives that’s infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease.”
The latest release, which consists of five files, does not make clear if the infected machines become new pandemic servers, although WikiLeaks claims this is technically feasible.
According to the ‘Pandemic’ documentation its installation takes between 10 to 15 seconds.
The release is the latest in WikiLeaks’ ‘Vault7’ series, detailing hacking techniques allegedly sourced from within the CIA.
Previous releases have revealed techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.