CIA Vault 7 Vulnerabilities in Anti-Virus Solutions

March 24, 2017

Hi Everyone,

This is my first article for the 0P3N Knowledgebase, and what an eye-opener. The further you go into these documents, the more you understand just how bad this leak really was. Some of the tools they use I never even knew existed. Anyway, enjoy the article and comment on what you think of the WikiLeaks CIA Vault 7 release. I have more articles that I need to tidy up before submitting them.

The anti-virus programs listed below were all exposed and used by the CIA, and I expect you are using at least one of them, as I am. The leaked documents on WikiLeaks show that the CIA compromised the following anti-virus solutions and did not report the vulnerabilities to the vendors.

What makes this discovery even worse is that the CIA used the vulnerabilities to install malware on numerous devices. The news media has not shown any of this information on the CIA Vault 7 leak, and it is about time the real extent was publicly posted. Everything I have listed is in the main document; in some parts I did "drill down" to find this information. I was shocked to see that virtually all the main anti-virus solutions have vulnerabilities.

Microsoft Security Essentials
Zone Alarm
Trend Micro
Panda Security
Malwarebytes Anti-Malware
PSP Process Names from DART
Zemana Antilogger
EMET (Enhanced Mitigation Experience Toolkit)
Articles on Exploiting PSPs

The further I went into these CIA Vault 7 documents, the worse the story became. I have listed the "Fine Dining Tool Module Lists" below; you will soon see that there is much more going on than the media reported.

Thunderbird Portable DLL Hijack
Chrome Portable DLL Hijack
LBreakout2 Game Portable DLL Hijack
2048 Game DLL Hijack
FoxitReader Portable DLL Hijack
Sophos Virus Removal Tool DLL Hijack
Kaspersky TDSS Killer Portable DLL Hijack
ClamWin Portable DLL Hijack
Iperius Backup DLL Hijack
OperaMail DLL Hijack
Sandisk Secure Access v2 DLL Hijack
LibreOffice Portable DLL Hijack
BabelPad Portable Hijack
Notepad++ DLL Hijack
McAfee Stinger Portable DLL Hijack
Skype Portable DLL Hijack
Opera Portable DLL Hijack

Under AIB Home > Projects I found these entries:

McAfee Virus Scan blocking injection into svchost
ESET firewall blocking for UDP, TCP, and ICMP

I also saw JIRA reports, VMware entries and "Configure Wireshark for Ubuntu".

The last of the information I found on Vault 7: CIA Hacking Tools Revealed was this:

iOS Exploits Data [This is a must-read if you use iOS]

You can now see how all this data is used and who is behind the Top Secret material. The agencies using these tools at the time are clearly shown.

I have only scratched the surface of the documents, of which there are nearly 10,000, with more due for release.

I have been working in one directory, which you can view at this URL:

I hope you found my first article interesting. If you found it useful, feel free to throw me a few Cybytes (only if you are rich!) and please comment.

Take care, all.

  1. Glad to see Vipre wasn't on there! They seem to be pretty good from what I hear; might have to use them. Take +5 for the great work!

  2. Did the article say anything on the exploits of Linux? I read above about iOS, but these tools are used heavily on Microsoft Windows. If so, this is just another fine example of why having an updated Linux system is important and should be used regularly for sensitive online personal/business practices.

    • Hi S3nt1n31,

      Exploits on Linux are rare. Linux is mentioned, but not in the context of exploiting.

      The best way to go through the documents to find certain content is to use Edit > Find in your browser from the Index Directory. I've checked a few times, but it's mostly setting up various tools in a Linux environment.

      Linux is always more secure than Windows, especially with version 10! There are just too many security holes in Windows, and even in the programs.

      Some people still have Apple QuickTime on a Windows setup; this shouldn't even be on any Windows version now, as the EOL was 2015 or 2016. Then you have the Adobe Flash Player browser plugin, coming to its EOL; the Google Chrome browser has dropped it already, and next in line are Microsoft Edge and Firefox.

  3. Very interesting! …and …WOW eh! +10
