There are actually articles talking about this that are older. Tomshardware has an article from a little over a month ago. Supposedly the guy who found this has been talking about it for quite some time. Some big names in the security world have made comments about it, Bruce Schneier being one of them. I believe I saw somewhere that Ruiu is planning on doing a presentation about it soon-ish.
It'll definitely be interesting to hear more about what this does, how it works, and who created it.
The creators will most likely never be found; in today's world, Internet anonymity is too easy to get.
I am a White Hat and I still have complete anonymity:
My setup:
- 2 back-to-back proxies - Russian, Estonian
- 2 VPN - NO LOGGING
- Tor Browser
My setup is highly secure, and Black-Hats are sure to be way more secure.
In the early Internet days, malware authors were teenagers, but now cyber-crime is a professional job.
According to various sources, Silk Road (the former Internet black-market website) had malware for sale. This shows that big black-market websites value malware.
The reason hackers get caught is that they are careless; this mostly happens to medium-stage hackers (1-2 years of experience in black-hatting), as some get too egotistic and stop being secure.
Or newbie black-hats don't know how to configure those properly, so they get caught.
As for hard-core hackers, they get caught solely due to a "tip-off" or from gaining too much attention, which overwhelms the government, so it spends thousands of dollars to track and apprehend the hacker.
As this malware is more or less very complex, the author is bound to be a sophisticated programmer and a hard-core/expert hacker; however, it is not too popular, so the chances that he will get caught are slim.
While it's all plausible, the requirements are insane - all the machines have to have a BIOS with the same security flaw(s) that allow the infection. After that, though, it's perfectly within reason that everything else reported is true.
I've seen it before. I'm in a computer technologies class, and for learning we get clients to bring in computers and we fix them. I've seen the FBI virus, my friend has seen CryptoLocker, and I have seen the one in question.
Even if this malware is so sophisticated, it can't be that hard to analyze. He could simply dump the infected BIOS image and compare it to the clean one. Of course there are more places where it can hide, but that would still provide some useful information.
I am pretty sure it's possible to make an Arduino act as a USB host and then use it to dump the data packets coming from the flash drive to see the first step of the infection.
@OrionMaser: I meant that it must be possible to extract the BIOS image from the chip. Also, on some motherboards the BIOS chip is not soldered but placed in a socket (at least on my motherboard). Remove the chip, then read the data with some sort of hardware, like this guy did: http://irq5.io/2010/07/01/reading-bios-chips/
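The "dump the chip and diff it against a clean image" idea from the two comments above is the standard first step in firmware integrity checking. The script below is an added example written for this thread, not code from any poster or from the irq5.io article: it takes two images (here constructed in memory rather than read from a programmer), hashes them, lists the byte ranges that differ, and maps those ranges onto a flash layout so that changes in regions that are expected to vary (NVRAM settings) can be separated from changes in the boot block or main firmware. The layout and the sample images are hypothetical; a real analysis would use the vendor's region table and a dump taken with a programmer.

```python
"""Compare a dumped firmware image against a known-good copy.

Added example for this thread. Both images and the region layout are
constructed sample data, not any vendor's real flash map.
"""
import hashlib
from typing import Dict, List, Tuple

Region = Tuple[int, int]  # (start, end) byte offsets, end exclusive

# Hypothetical 2 KiB flash layout used only for this example.
LAYOUT: Dict[str, Region] = {
    "boot_block": (0x0000, 0x0100),
    "main_firmware": (0x0100, 0x0700),
    "nvram": (0x0700, 0x0800),
}
# Regions that legitimately change between boots; differences confined
# entirely to these are not reported as findings.
VOLATILE: List[Region] = [LAYOUT["nvram"]]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_regions(clean: bytes, suspect: bytes) -> List[Region]:
    """Return contiguous byte ranges where the two images differ.

    If the images differ in length, the tail of the longer one is reported
    as its own region, since a size change is itself worth a look.
    """
    regions: List[Region] = []
    common = min(len(clean), len(suspect))
    start = None
    for i in range(common):
        if clean[i] != suspect[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, common))
    if len(clean) != len(suspect):
        regions.append((common, max(len(clean), len(suspect))))
    return regions


def classify(regions: List[Region], layout: Dict[str, Region],
             volatile: List[Region]) -> Dict[str, List[Region]]:
    """Map differing ranges onto named layout regions.

    Ranges lying wholly inside a volatile region are dropped; ranges that
    overlap no layout entry are listed under "unmapped".
    """
    findings: Dict[str, List[Region]] = {}
    for (s, e) in regions:
        if any(vs <= s and e <= ve for (vs, ve) in volatile):
            continue
        hit = False
        for name, (ls, le) in layout.items():
            if s < le and e > ls:  # ranges overlap
                findings.setdefault(name, []).append((s, e))
                hit = True
        if not hit:
            findings.setdefault("unmapped", []).append((s, e))
    return findings


def analyze(clean: bytes, suspect: bytes) -> dict:
    """Full comparison: hashes, raw diff ranges and classified findings."""
    regions = diff_regions(clean, suspect)
    return {
        "clean_sha256": sha256_hex(clean),
        "suspect_sha256": sha256_hex(suspect),
        "regions": regions,
        "findings": classify(regions, LAYOUT, VOLATILE),
    }


def build_samples() -> Tuple[bytes, bytes]:
    """Constructed images: a repeating byte pattern plus three edits."""
    clean = bytes(range(256)) * 8  # 0x800 bytes
    suspect = bytearray(clean)
    suspect[0x0010:0x0014] = b"\xde\xad\xbe\xef"  # boot block change
    suspect[0x0250:0x0260] = b"\x00" * 16         # main firmware change
    suspect[0x0710:0x0712] = b"\x01\x02"          # NVRAM change (expected)
    return clean, bytes(suspect)


if __name__ == "__main__":
    result = analyze(*build_samples())
    print("clean  :", result["clean_sha256"])
    print("suspect:", result["suspect_sha256"])
    for name, ranges in result["findings"].items():
        for (s, e) in ranges:
            print(f"{name}: 0x{s:04x}-0x{e:04x} ({e - s} bytes)")
```

Only the boot-block and main-firmware edits come out as findings; the NVRAM edit is filtered because it sits entirely inside a volatile region. On a real dump the next step would be to disassemble or unpack the flagged ranges, and a size mismatch or an "unmapped" range is a signal that the layout table itself needs checking.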
While it's all plausible, the requirements are insane - all the machines have to have a BIOS with the same security flaw(s)
On top of what L B said, Macs (like the guy in the article had) and many other modern computers don't have BIOS chips anymore. The article says it can infect EFI as well, but I find it hard to believe that someone produced such a smart virus that it can take advantage of BIOS vulnerabilities from multiple manufacturers as well as a handful of different EFI implementations. Then from there take over a system with different processors and OSes in play? Plausible, but highly, highly unlikely. And if someone or a group of people were to make something like that, imagine how much they could sell that for! That's too great a virus to have on regular consumers' laptops and such.
Of course, you can send packets via NDIS drivers by programming a virtual router. It must be using NDIS drivers to create a virtual router to communicate.
The programmer must be familiar with virtualization programming; therefore s/he may be programming it.