
vault 7 bombshell

2 replies to this topic

#1 DeanDavis609


  • Members
  • 3 posts
  • Local time:01:57 PM

Posted 09 March 2017 - 04:37 PM

Anyone heard anything on an "antidote" for the wikileaks CIA proclaimed virus and Trojan issues affecting virtually every antivirus program out there?

Edited by hamluis, 09 March 2017 - 05:18 PM.
Moved from Win 7 to Gen Security - Hamluis.



#2 Luxi_Terna


  • Banned Spammer
  • 35 posts
  • Gender:Female
  • Local time:04:57 PM

Posted 09 March 2017 - 10:23 PM

Executive summary:

Don't panic.



I spent about half a day reading those fascinating docs. Particularly interesting were the ways you can defeat antivirus. I expected Jedi-level hacking, but it was all just exploiting the crappy programming of antivir vendors. For example, Comodo (which I use) doesn't scan files in the recycle bin. I assume that's to speed up scan benchmarks. One of their notices advises the programmers to stash their ee-ville there and intercept API calls to empty the recycle bin.


Another was that one antivir product got complaints that it was reporting Windows processes as viruses. That happened for a lot of reasons, and they'd have to change stuff for each one. So their incredibly stupid (but easy to implement) solution was to ignore everything that runs at system level (!)


A particularly clever technique is that they start the infector process in suspend mode. Antivir scans it when it is loaded into memory from disk. It also runs the suspect software in a sandbox for a few seconds to see if it triggers any heuristics. When a timer runs out, the bad program starts and decrypts itself.


The bottom line is that the virus vendors will kill the antivir exploits, but the O/S penetration is what you have to worry about. Unfortunately, WikiLeaks censored out the Windows hacks (but it was the right decision; they're giving them to Microsoft to fix). That's what I really wanted to see. They did leave the code names, and I remember there were about 10 ways to defeat Windows 7 security and gain system-level access.


It's too soon to expect a cure for the CIA malware, but keep your eye on industry news, like InfoWorld security articles and blogs. Don't worry; now that the malware is known, it will be dealt with. Just run Windows Update every day or so and keep your apps updated.


As much as I hate the CIA being in my PC, it is not dangerous, like viruses. The CIA won't empty out your bank account or steal your credit card number. In fact, they bend over backwards so they don't affect you or your PC at all. It's passive and transparent. They bug everybody's telephone and computer, but only look at you specifically if they think you're doing something they don't like. Or if you're the friend of a friend who emails someone on the terrorist watch list. I believe they take it three levels now. It used to be more.


They also collect and archive a HUGE amount of information they collect from everybody. For example, every minute or so, they record the location of every phone in the US 24/7, without using GPS. (It's a side-effect of how the cell system works. They just copy the phone company datastream in real time).


And I know for a fact that every email you ever wrote is in Utah (their digital spy HQ). The NSA also passed everything you said through an AI program that refers emails to human spooks. I heard they abandoned that though, due to the overwhelming flood of false positives and the fact that terrorists don't say "our bomb" in emails, they say things like "the gift."


(Info is from WikiLeaks, the Washington Post, a drunk NSA contractor friend trying to impress me because he wanted to, uhh... access something, and classes in computer security and forensics)

Edited by Luxi_Terna, 09 March 2017 - 11:02 PM.
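The first weakness described in the post above (a scanner that skips the recycle bin to save time, so anything parked there is never looked at) is easy to see in a toy scanner. The following is an added example written for this page; it is not code from the leaked documents, from Comodo, or from the poster, and it does not reproduce any real product's logic. The signature string, the exclusion list, the fake SID under $Recycle.Bin and the file names are all constructed for the demonstration. It builds a small fake volume in a temporary directory, then runs the same signature scan twice: once with the benchmark-friendly "skip $Recycle.Bin" exclusion and once without it.

```python
"""Toy signature scanner showing how a path exclusion hides a staged payload.

Added example for this thread; not the original post's code and not any
vendor's real scanning logic. All sample data below is constructed.
"""
import os
import tempfile
from pathlib import Path

# Constructed marker standing in for a real signature (it is not a real one).
SIGNATURE = b"FAKE-MALWARE-MARKER-FOR-DEMO"

# Directory names a benchmark-tuned scanner might skip. "$Recycle.Bin" is the
# real Windows directory name; treating it as an exclusion is the assumption
# under test here, not a documented setting of any product.
BENCHMARK_EXCLUSIONS = ("$Recycle.Bin",)


def scan_tree(root, exclusions=BENCHMARK_EXCLUSIONS):
    """Walk `root`, prune excluded directory names, return sorted relative
    paths of files containing SIGNATURE (forward slashes, for portability)."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Pruning in place stops os.walk from descending into excluded dirs,
        # which is exactly the shortcut that makes the stash invisible.
        dirnames[:] = [d for d in dirnames if d not in exclusions]
        for name in filenames:
            path = Path(dirpath) / name
            if SIGNATURE in path.read_bytes():
                rel = path.relative_to(root)
                hits.append(str(rel).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_volume(base):
    """Create a constructed mini "C:" layout: one benign document, one dropper
    in Downloads, and one payload parked in the user's recycle bin the way the
    post describes. The SID and file names are made up."""
    root = Path(base)
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    (docs / "notes.txt").write_bytes(b"quarterly numbers\n")

    downloads = root / "Users" / "alice" / "Downloads"
    downloads.mkdir()
    (downloads / "setup.exe").write_bytes(b"MZ" + SIGNATURE)

    recycle = root / "$Recycle.Bin" / "S-1-5-21-1111-2222-3333-1001"
    recycle.mkdir(parents=True)
    # Windows renames deleted files to $R<random>.<ext> inside the per-user
    # SID folder; the name here is invented for the example.
    (recycle / "$RABC123.exe").write_bytes(b"MZ" + SIGNATURE)
    return root


def compare_exclusion_policies():
    """Run the scan with and without the recycle-bin exclusion on the same
    constructed volume and return both hit lists for comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_volume(tmp)
        return {
            "with_exclusion": scan_tree(root, BENCHMARK_EXCLUSIONS),
            "without_exclusion": scan_tree(root, ()),
        }


if __name__ == "__main__":
    results = compare_exclusion_policies()
    for policy, hits in results.items():
        print(f"{policy}: {len(hits)} hit(s)")
        for h in hits:
            print("   ", h)
```

The excluded run reports only Users/alice/Downloads/setup.exe; the unexcluded run additionally reports the file under $Recycle.Bin. The practical check for your own setup is the same: audit your scanner's exclusion list (paths, extensions, and process identities such as the "everything running as SYSTEM" shortcut the post mentions) and confirm that nothing an attacker can write to or run as is on it, because an exclusion added for speed or to silence false positives becomes a permanent blind spot.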

#3 Crazy Cat


  • Members
  • 808 posts
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:09:57 AM

Posted 10 March 2017 - 04:49 PM

The CIA, https://en.wikipedia.org/wiki/Central_Intelligence_Agency (formerly known as the OSS https://en.wikipedia.org/wiki/Office_of_Strategic_Services), has the role of infiltrating governments (both hostile and allied), infiltrating corporations, and conducting industrial espionage in the interests of the USA.

One example was Operation Paperclip. https://en.wikipedia.org/wiki/Operation_Paperclip

Operation Paperclip: The Secret Intelligence Program to Bring Nazi Scientists to America.

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.


