Interesting malware (if true)

closed account (N36fSL3A)
Woah, wish I could do something like that.
closed account (13bSLyTq)
Hi,

I am extremely interested in malware, and I am researching it. Thanks for the share.

It is true, look through the internet.
Sounds very fake.
Probably a Halloween "easter egg"?
closed account (S6k9GNh0)
I wasn't aware that motherboard firmware was so vulnerable if this actually exists...
@EssGeEich
There's actually articles talking about this that are older. Tomshardware has an article from a little over a month ago. Supposedly the guy who found this has been talking about it for quite some time. Some big names in the security world have made comments about it, Bruce Schneier being one of them. I believe I saw somewhere that Ruiu is planning on doing a presentation about it soon-ish.

It'll definitely be interesting to hear more about what this does, how it works, and who created it.
closed account (13bSLyTq)
Hi,

The creators will most likely never be found; in today's world, Internet anonymity is too easy to get.
I am a White Hat and I still have complete anonymity:

My setup:

- 2 back-to-back proxies - Russian, Estonian
- 2 VPN - NO LOGGING
- Tor Browser

My setup is highly secure, and Black-Hats are sure to be way more secure.
In the early Internet days, malware authors were teenagers, but now cyber-crime is a professional job.
For example:

According to various sources, Silk Road (former Internet black-market website) had malware for sale, showing that big black-market websites value malware.

_________

The reason hackers get caught is that they are careless; this mostly occurs with medium-stage hackers (1 - 2 years of experience in black-hatting), as some get too egotistical and stop being secure.

Or newbie black-hats don't know how to configure those properly, thus they get caught.

As for hard-core hackers, they get caught solely due to a "tip-off" or gaining too much attention, which overwhelms the government, thus it spends thousands of dollars on research to track and apprehend the hacker.

_________


As this malware is more or less very complex, the author is bound to be a sophisticated programmer and a hard-core/expert hacker; however, it is not too popular, thus the chances that he will get caught are slim.

I do not believe it one bit
While it's all plausible, the requirements are insane - all the machines have to have a BIOS with the same security flaw(s) that allow the infection. After that, though, it's perfectly within reason that everything else reported is true.
closed account (Dy7SLyTq)
I've seen it before. I'm in a computer technologies class, and for learning we get clients to bring in computers and we fix them. I've seen the FBI virus, my friend has seen CryptoLocker, and I have seen the one in question.
Even if this malware is that sophisticated, it can't be that hard to analyze. He could simply dump the infected BIOS image and compare it to the clean one. Of course there are more places where it can hide, but that would still provide some useful information.

I am pretty sure it's possible to make an Arduino act as a USB host and then use it to dump the data packets coming from the flash drive, to see the first step of the infection.
closed account (Dy7SLyTq)
He could simply dump the infected BIOS image and compare it to the clean one
That's beyond me. But couldn't you emulate it by running it on Bochs or VirtualBox or something like that?
Not if it runs at hardware level I guess.
Or did I miss something?
closed account (13bSLyTq)
Hi,

Null, you can hide it in the hypervisor layer, then hook interrupts and bam, you are hidden from the kernel and BIOS; you are running parallel to those.

However, it may have multiple persistence modules: Ring 3, Ring 0, hypervisor, boot level, BIOS and maybe CPU level.

With these it can do whatever it likes. They could all maybe monitor each other. This means if one is removed, another puts it back, and so on.
@OrionMaster: I meant that it must be possible to extract the BIOS image from the chip. Also, on some motherboards the BIOS chip is not soldered but placed into a socket (at least on my motherboard). Remove the chip, then read the data with some sort of hardware, like this guy did: http://irq5.io/2010/07/01/reading-bios-chips/

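The "dump the image and compare it to the clean one" idea from the two posts above, as an added example that is not part of the thread. It assumes you already hold two raw flash dumps of identical size (read from a socketed or clip-attached SPI chip with a programmer, as in the linked write-up, or a vendor update image unpacked to the same raw flash layout). The file contents, offsets and the "payload" below are constructed for illustration, not taken from any real sample.

```python
"""Diff a suspect firmware dump against a known-clean image of the same part.

Added example for this thread, not code from the original posts. Assumes two
raw flash dumps of identical size. Everything that looks like a firmware
layout, hook or payload below is constructed test data.
"""
import hashlib
import math
from typing import Dict, List, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def diff_regions(clean: bytes, suspect: bytes, merge_gap: int = 16) -> List[Tuple[int, int]]:
    """Half-open (start, end) byte ranges where the two images differ.

    Differing runs separated by at most merge_gap identical bytes are merged,
    so a patched function shows up as one region instead of a scatter of bytes.
    """
    if len(clean) != len(suspect):
        # A size mismatch is almost always a bad read or a different chip/part,
        # not an infection; do not try to "align" the images.
        raise ValueError(f"size mismatch: clean={len(clean)} suspect={len(suspect)}")
    regions: List[Tuple[int, int]] = []
    start = end = None
    for i, (a, b) in enumerate(zip(clean, suspect)):
        if a != b:
            if start is None:
                start = i
            end = i + 1
        elif start is not None and i - end >= merge_gap:
            regions.append((start, end))
            start = end = None
    if start is not None:
        regions.append((start, end))
    return regions


def report(clean: bytes, suspect: bytes, merge_gap: int = 16) -> List[Dict[str, object]]:
    """Per-region summary. A region whose clean bytes were low-entropy filler
    (0xFF erased flash) but now hold high-entropy data is the cheap first hint
    that something packed or encrypted was written there. Expect legitimate
    noise in the UEFI NVRAM variable store, which changes between boots; such
    regions need triage, they are not proof by themselves."""
    rows: List[Dict[str, object]] = []
    for s, e in diff_regions(clean, suspect, merge_gap):
        rows.append({
            "start": s,
            "end": e,
            "length": e - s,
            "clean_entropy": round(shannon_entropy(clean[s:e]), 2),
            "suspect_entropy": round(shannon_entropy(suspect[s:e]), 2),
            "suspect_sha256": sha256_hex(suspect[s:e]),
            "suspect_head": suspect[s:min(e, s + 8)].hex(),
        })
    return rows


def build_sample_images() -> Tuple[bytes, bytes]:
    """Constructed test data, not a real dump: a 4 KiB 'flash' holding a
    1 KiB synthetic code block at 0x000 and erased (0xFF) everywhere else."""
    code = bytes(range(256)) * 4                       # synthetic "firmware code"
    clean = bytearray(code + b"\xff" * (0x1000 - len(code)))
    suspect = bytearray(clean)
    # 1) hook: a near jump (x86 E9 rel32) at 0x100 whose target is
    #    0x105 + 0x6FB = 0x800, i.e. the dropped payload below
    suspect[0x100:0x105] = b"\xe9\xfb\x06\x00\x00"
    # 2) payload: 256 bytes written into the erased padding; an affine
    #    permutation of 0..255, so it is high-entropy yet fully deterministic
    suspect[0x800:0x900] = bytes((i * 97 + 13) & 0xFF for i in range(256))
    return bytes(clean), bytes(suspect)


if __name__ == "__main__":
    clean_img, suspect_img = build_sample_images()
    print("clean   sha256:", sha256_hex(clean_img))
    print("suspect sha256:", sha256_hex(suspect_img))
    for row in report(clean_img, suspect_img):
        print(f"0x{row['start']:05x}-0x{row['end']:05x} len={row['length']:5d} "
              f"entropy clean={row['clean_entropy']:.2f} suspect={row['suspect_entropy']:.2f} "
              f"head={row['suspect_head']}")
```

On the constructed sample the report shows two regions: the 5-byte hook inside the code block, and a 256-byte region that was 0xFF filler in the clean image and now has 8.0 bits/byte of entropy. On a real dump you would take the clean copy from the same board and firmware version, and read the NVRAM and any vendor-specific regions out of the diff before drawing conclusions.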
While it's all plausible, the requirements are insane - all the machines have to have a BIOS with the same security flaw(s)


On top of what L B said, Macs (like the guy in the article had) and many other modern computers don't have BIOS chips anymore. The article says it can infect EFI as well, but I find it hard to believe that someone produced such a smart virus that it can take advantage of BIOS vulnerabilities from multiple manufacturers as well as a handful of different EFI implementations. Then from there take over a system with different processors and OSes in play? Plausible, but highly, highly unlikely. And if someone or a group of people were to make something like that, imagine how much they could sell that for! That's too great a virus to have on regular consumers' laptops and such.
closed account (N36fSL3A)
Why was I reported?

Anyway, Orion, how long have you been hacking? You seem to know much more than I am comfortable with. :P


I don't know how it can send packets without suitable hardware.
closed account (13bSLyTq)
Hi,

I have been hacking for around 6 - 7 years.

Of course, you can send packets via NDIS drivers by programming a virtual router. It must be using NDIS drivers to create a virtual router to communicate.
The programmer must be familiar with virtualization programming; therefore s/he may be programming it.

Regards
OrionMaster