Mysterious Mac and PC Malware

[klikster]

This thing sounds like a nightmare. "badBIOS"

[HeijoshinCool]

And you want me to click on that, Klikster?

[klikster]

LOL! Sorry, HeijoshinCool.

That link is to the article in Arstechnica ----- maybe.

[schondie]

Yep, safe link. I read this earlier and it's pretty scary.

Obviously the organisation behind this is state sponsored. This could be a whole lot worse if it was leaked into the black hat scene.

[Bender]

nothing truelly amazing behind this news. Company like Intel, Amd, Microsoft, Apple, Hp, etc, etc.... does already have the technology for at least ten years or maybe from the begining.

Remember that, in sensible place, screen desktop used to be lead-strapped to prevent any leak (from a computer not connected to any network)

Now if the common hacker do found the way, then it's a different story!

Edited November 2, 2013 by Bender

[jbrain]

Yep, safe link. I read this earlier and it's pretty scary.

Obviously the organisation behind this is state sponsored. This could be a whole lot worse if it was leaked into the black hat scene.

You mean the link ends on www....................../nsa/gov.us ?

[manarak]

If the story is true and the findings real, the Ruiu guy probably got infected when he went out to work for a customer that was infected with that thing.

I do agree that it smells like major espionage league, state-sponsored or at the top corporate/mafia level, and that the rootkit was certainly not meant to spread uncontrolled beyond the infected party.

As many boards nowadays come with 128 MB and more of BIOS EEPROM, there is certainly enough space there to store the necessary drivers and the malware.

But this passage:

"We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD," Ruiu said. "At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we're using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys."

is farily improbable if they didn't have at some point an infected USB drive inside - how would the machine get infected after its BIOS had been flashed?

Edited November 2, 2013 by manarak