Vault 7 possible malware/dodgyness!

posted on Mar, 9 2017 @ 08:17 AM
Ok, as everyone is aware, vault7 got leaked, which included what seemed to be a full website. I noticed a few png images that were named *.png_2134 etc. Now, after renaming these files to png and opening them, they were icons of things such as tor, and other 'secure' apps. One thing I did notice, coming from a coding background, is that once I opened the png, a cmd prompt loaded quickly, way too fast to catch anything, and also sublime text editor seemed to open and create something? Since then I have noticed slight discrepancies with my system. I am not saying that this is for definite, but I am asking someone who is more technologically adept to possibly have a good look at these files and determine what may be inside? Something smells amiss. Might be wrong, but I do know that cmd and sublime text (why would this open??) are not part of the process of opening a png...

Anyone else notice this? Thoughts?

Apologies if posted, couldn't see anything about this.

pr0ph




posted on Mar, 9 2017 @ 08:23 AM
a reply to: pr0ph3t

You know better than to open strange attachments within files.

Or maybe not...

(I hope you're not infected too)



posted on Mar, 9 2017 @ 08:26 AM
a reply to: intrptr

Correction, I SHOULD know better! But yeah, the png files seem to be part of the webpage that is contained within the vault7 file. One such problem would be, if this whole thing is about all the zero days that the CIA have, and the file is indeed infected, then I'm willing to stake that it would act like a powershell, thus not showing up on any antivirus/rootkit detector....



posted on Mar, 9 2017 @ 08:28 AM
Next time try doing your snooping in something like Sandboxie. Will keep your system safer when poking around.



posted on Mar, 9 2017 @ 08:31 AM
a reply to: kountzero

Yeah I know I know, I f***ed up... but alas, in this mistake I seem to have uncovered something peculiar... I'd like to think I didn't see a cmd or sublime text editor open up (let me just add... I don't have sublime text editor installed... I use monodevelop) but I know damn well what I saw.



posted on Mar, 9 2017 @ 08:34 AM
When I opened the page in FF for Mac, I noticed a quickly appearing and disappearing page of code. Could be bad. Don't suggest clicking on that.



posted on Mar, 9 2017 @ 08:41 AM
a reply to: Maverick7

So it isn't just me then. I might try to replicate it and screenie it, may as well now. I'll give it a bash.



posted on Mar, 9 2017 @ 08:48 AM
Just also adding, when extracting the file, Wireshark.exe can be visibly seen as one of the things that extracts...

ibb.co...
edit on 9-3-2017 by pr0ph3t because: Edit to add screen capture of wireshark being extracted from vault 7



posted on Mar, 9 2017 @ 08:49 AM
a reply to: pr0ph3t
Have you tried running scans on your PC to see if it finds anything? I am very interested to hear what you find.



posted on Mar, 9 2017 @ 08:49 AM
a reply to: pr0ph3t

I think some people or (ahem) agencies will do anything to keep people from reading the content in those real releases.

Even spreading rumors.

Pssst, don't open that, it's malware.

That and just blame the Russians, instead of addressing the actual content in the releases themselves.

I.e., the Russians did it but, (every iPhone is a microphone) ... lulz.



posted on Mar, 9 2017 @ 08:52 AM
a reply to: intrptr

But this isn't hearsay mate, this is what I myself have noticed. No Ruskies involved, just plain old observation.



posted on Mar, 9 2017 @ 08:58 AM
a reply to: Martin75

Currently in the process of running scans, rootkit removers etc, but like I mentioned before, I'm pretty sure the people behind it would be a bit more tech-wise than to add something which will flag up as potentially dangerous. I will post back with results from scans.



posted on Mar, 9 2017 @ 09:14 AM

originally posted by: pr0ph3t
a reply to: intrptr

But this isn't hearsay mate, this is what I myself have noticed. No Ruskies involved, just plain old observation.

You're not sure though, not tech savvy, right? Just putting it out there, "something's wrong".

That is the definition of 'hearsay'.



posted on Mar, 9 2017 @ 09:22 AM
a reply to: intrptr

I'm tech savvy enough to understand that wireshark should not be involved in a webpage file. I know what wireshark is, I oft use it myself on linux, I am not technologically retarded, I have spent my whole life dealing with systems, hence understanding that a cmd prompt, an automated script written in sublime text, and wireshark should definitely not appear in this leak. I also have ascertained that even though I know all this, I am still not tech savvy enough to understand what the frig happened with this file. As you can see from my screenshot, there is wireshark, the windows 64bit version, being extracted from a tar file that does not have the wireshark install file anywhere amongst its files, nor any other executable.



posted on Mar, 9 2017 @ 09:27 AM
a reply to: pr0ph3t
Yup, I think that there is a virus present. Who knows what it is logging or tracking and to whom the file is being sent. Very interesting indeed!



posted on Mar, 9 2017 @ 09:27 AM
a reply to: Martin75

Hey Martin, an update, scanned all system with Trend HouseCall + McAfee rootkit remover, zilch, nada, nothing.



posted on Mar, 9 2017 @ 09:30 AM
a reply to: Martin75

I know it's a real bummer... I can't even peruse midget clown porn anymore without the overhanging thought of being monitored.
No, all jokes aside, this sh*t is sketchy!! Did you check my screen capture of wireshark?? I know the screenie says this file is skipped, because that was the second time I extracted it, just to get a glimpse of what it was extracting and get said screenie.



posted on Mar, 9 2017 @ 09:37 AM

originally posted by: pr0ph3t
a reply to: intrptr

I'm tech savvy enough to understand that wireshark should not be involved in a webpage file. I know what wireshark is, I oft use it myself on linux, I am not technologically retarded, I have spent my whole life dealing with systems, hence understanding that a cmd prompt, an automated script written in sublime text, and wireshark should definitely not appear in this leak. I also have ascertained that even though I know all this, I am still not tech savvy enough to understand what the frig happened with this file. As you can see from my screenshot, there is wireshark, the windows 64bit version, being extracted from a tar file that does not have the wireshark install file anywhere amongst its files, nor any other executable.

Then like I said, some "alphabet" agency put it there, probably after it was released. Why would Wiki infect its own whistle-blowing releases? They have a perfect record of integrity...



posted on Mar, 9 2017 @ 09:39 AM
a reply to: intrptr

Yeah exactly mate, this is what I'm saying. I don't think WikiLeaks would put something like that in there at all, I think someone has either released it "on their behalf", or tampered with it... Either way, this is not like other releases!



posted on Mar, 9 2017 @ 09:40 AM
I have odd things going on after uncompressing the files and reading.

My connection from this computer, which is plugged into the router directly with ethernet cable, will hang for maybe 30 to 60 seconds then return to normal, say server not found in the browser, the router is not showing a loss or drop in connection and other devices connected to this router are not affected (PS4 by ethernet cable, phone and tablet by wifi).

I don't see anything extra running in task manager, I have scanned the compressed and uncompressed Vault 7 folders and a whole deep scan with up-to-date Comodo Security Suite Premium and MalwareBytes Anti-Malware, both of which have found nothing.

I see Vault 7 contains instructions about unknown 0-Day hacks, and no executable files as far as I can see.
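
Added example, not part of any post in this thread: one way to check what a tar archive really holds without extracting or opening anything is to read each member's leading magic bytes in place and compare them with what the file name claims (such as the `*.png_2134` names mentioned above). The archive members below are constructed in memory for illustration, and the function names are hypothetical.

```python
import io
import tarfile

# Leading magic bytes identify content regardless of the file name.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
}

# Constructed sample members (not taken from the real archive).
SAMPLE = {
    "vault/tor.png_2134": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "vault/icon.png_0001": b"MZ\x90\x00" + b"\x00" * 16,
    "vault/index.html": b"<html></html>",
    "vault/logo.png": b"GIF89a" + b"\x00" * 16,
}

def sniff(header: bytes) -> str:
    for magic, kind in SIGNATURES.items():
        if header.startswith(magic):
            return kind
    return "unknown"

def build_sample_tar() -> io.BytesIO:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in SAMPLE.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())

def audit_tar(fileobj) -> list:
    """Read members in place (nothing written to disk); flag mismatches."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = sniff(tar.extractfile(member).read(8))
            base = member.name.rsplit("/", 1)[-1].lower()
            if kind.endswith("executable"):
                findings.append((member.name, kind, "executable content"))
            elif ".png" in base and kind != "png":
                findings.append((member.name, kind, "named PNG, content differs"))
    return findings

if __name__ == "__main__":
    print(*audit_tar(build_sample_tar()), sep="\n")
```

For a file on disk, pass `open(path, "rb")` to `audit_tar`; an empty result only means no member matched these few signatures, not that the archive is safe.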


