Robert Lemos, SecurityFocus 2006-01-26
ARLINGTON, Virginia -- Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference.
Researchers: Rootkits headed for BIOS
2006-01-27
cowbutt
'While Hoglund believed that most computers would not have protections against writing to flash memory turned on by default, NGSSoftware's Heasman disagreed.
"The obstacles to deployment are numerous," Heasman said. "Almost all machines have a physical protection, such as a jumper on the motherbo...
Researchers: Rootkits headed for BIOS - Jumper for flashing?
2006-01-27
Jim Gorski (2 replies)
I have not seen a motherboard that required a jumper to flash the BIOS in the past six years. Most systems are easily flashed. On the other hand, most systems could not be easily reflashed surreptitiously....
Re: Researchers: Rootkits headed for BIOS - Jumper for flashing?
2006-01-27
thejynxed
I know at least on my home systems, whenever I flash the BIOS, it asks for the BIOS administrator password. Installing a rootkit into BIOS would in a lot of cases require the rootkit writer to not only know what operating system, the specific hardware in the system, etc. they have to write the kit fo...
Researchers: Rootkits headed for BIOS
2006-01-27
mubix
Great article, I do believe there is a typo in the last sentence though. I am sorry that I missed out on what seems to be a great speech. Did the speaker give any references or materials where a concerned sys admin could read up on this? I am sure that there are plenty of sys admins that are extreme...
Researchers: Rootkits headed for BIOS
2006-01-27
Bela from VA (1 replies)
"This is platform independent," Heasman said. "We can write a backdoor for Windows that will elevate privilege, and turn around and use the code on Windows."
Well, porting from Windows to Windows isn't always easy ......
It wouldn't be that easy!!!
2006-01-27
janice
Sure, I see that everyone is crying out for motherboard jumpers now... It's not that easy though, what do you think that writing the code it's all. Placing it on the BIOS memory would be, let's say also easy, but what then. It could read some arbitrary memory pools and dump them where, how would i...
Quibble - rootkit for OS X
2006-01-27
Anonymous (1 replies)
Following the links pointed back to a reference to the Opener startup script.
Opener isn't a rootkit. No kernel extensions are installed, no system diagnostic binaries are replaced. It's written in generously commented bash. It doesn't even put a '.' in front of the files it creates.
It is ...
Re: Quibble - rootkit for OS X
2006-01-30
Anonymous
Myopic although correct comment. Think in terms of Geometry, points and rays. All technology is a ray, not a point. It starts and then goes towards infinity. Of course now it doesn't have '.' but we are only looking at the point of the ray, not at the direction 10 weeks, months, or years, from no...
Researchers: Rootkits headed for BIOS
2006-01-27
Gimping 8600
If Vendors could write usable ACPI code, I'd be worried. But, most of them can't. So I'm not.
Hey Mr Root-Kit writer! Could you add an extension that makes the power/performance/charge model actually work on my laptop, and also so it doesn't blow-out the battery charger and monitoring circuits ...
Not actually
2006-01-27
Prisoner (1 replies)
BIOS was made in 1980's! Use BIOS for virus or rootkit will have been CIH in final. It's subject not actually, because EFI 1.10 is technology of the future. BIOS will be died in near future, such as old technology!...
Researchers: Rootkits headed for BIOS
2006-01-29
Anonymous (3 replies)
Until you've seen a 'malware/trojan/rootkit' that actually writes to eeproms, don't dismiss the theory so quickly. I speak from experience, as I actually got hit with that very malady around 4Q 2004. This particular offering (not sure what else to call it) did indeed flash the bios in two networke...
Re: Researchers: Rootkits headed for BIOS
2006-01-30
sk8r (2 replies)
I would really like to take a look at those machines since it sounds really interesting. I also had a problem flashing my passworded bios laptop and wouldn't flash without the password so I wonder how was that possible on your end. If you are willing to share, post a link or something on this comment ...
Re: Re: Researchers: Rootkits headed for BIOS
2006-01-31
Anonymous
Oh it wouldn't flash without entering the password, but it wouldn't boot without entering the password either. It wasn't a password set on the disk, just plain old bios password. So the laptop would boot to the password entry screen for the bios no matter what the circumstances (boot from floppy, ...
Re: Re: Researchers: Rootkits headed for BIOS
2006-02-03
Anonymous (1 replies)
I would be interested to talk to you about it and provide my two machines for research. Both machines have the identical problem since Q3 2004. Please let me know how to contact you....
Re: Researchers: Rootkits headed for BIOS
2006-07-28
ABG
This information is remarkable to me. I don't understand why there is even a debate about bios rootkits, if this information is correct. I am researching this because I am having symptoms like the aforementioned, also passed on a linksys network. I also think that a linux virtual machine is the c...
Re: Researchers: Rootkits headed for BIOS
2006-11-19
hylas
I also speak from experience, ... on Macintoshes.
" ... hacked windows files stored in the hidden drive areas marked as bad sectors or obscured through geometry changes. Any reinstall would start normally from the cd, but you would observe at some point foreign (unusual) files and drivers begin to...
Researchers: Rootkits headed for BIOS
2006-02-06
Anonymous
Who guarantees that there aren't already spy bits in existing bioses by vendors?
If sony distributes rootkits on audio cds how can a consumer be sure that buying pc hardware or consoles with inet access (like xbox crap e.g.) don't abuse their closed source bios to do malicious stuff?
There's as much t...
Researchers: Rootkits headed for BIOS
2006-02-07
Samuel Stetler
Let's start with the problems in this article.
First it is true that most main boards that are deployed now do not need a jumper to be moved to allow the BIOS to be flashed. So flashing the BIOS would not be incredibly hard to do. Of course you would have to deal with the fact that there are a nu...
Researchers: Rootkits headed for BIOS
2006-02-13
Black~Feather (1 replies)
Try this with norton ghost 2003 - boot from a floppy made from "machine A". Write protect the disk. Now go boot another machine with said floppy "Machine B". After running ghost, control c out of it, ghost will crash to floppy (command.com) and GHOST WILL WRITE TO THE "WRITE PROTECTED" BOOT FLOPPY D...
Researchers: Rootkits headed for BIOS
2006-03-25
CONFIRMED ROOTKIT TROJAN / SCRIPTING IN BIOS (5 replies)
THE MALICIOUS SCRIPT IS IN THE BIOS, script is easily seen on top of browser while in safe mode. AFTER FLASHING THE BIOS AS WELL AS CLEARING CMOS numerous times, THE TROJAN/evil thing REMAINS. Wiping hard drives clean, purchasing new hard drives, new computers, nothing gets rid of it! THERE IS NO AN...
Re: Researchers: Rootkits headed for BIOS
2006-07-28
ABG
I second the aforementioned information. I have this virus Rootkit too.
Here is a thought, however: Perhaps you and I really are being watched? Perhaps someone local to us was able to access our internet access. Then the government via this powerful bios related rootkit is watching our every ...
Re: Researchers: Rootkits headed for BIOS
2006-11-19
hylas
You are not going crazy, it's real.
I concur with 99% of what you have written, it's the same thing, (I have Macs, System 7 - OS X 10.4.x)
See my previous post above - I'm coming late to this thread.
This has been around a long time, I first found it (fought it in '97).
Most recently '05, I'm su...
Re: Researchers: Rootkits headed for BIOS
2007-06-11
Anonymous
Tried to respond and the post went away. Yeah back up all you say. Anyone who has not lived through this and goes thru their silly checklist like I did not do something right, etc. I do not give the time of day. I could add some things I found pretty specific stuff. I am sure others found their own ...
Re: Researchers: Rootkits headed for BIOS
2007-07-09
Burnt-out-User
I have spent the last 5 weeks trying all the same things you described. When I originally gave up and replaced the hard drives I thought it would be the end. Somehow it now seems to start making its changes faster. Once I have reinstalled Windows XP Pro from the original disk, it only takes about 1...
I believe I have a way to defeat it...The problem is will you believe me!
2006-04-04
Mike (2 replies)
Whether you believe it or not....
Back in 1996, I had a difficult problem....I was running a home based PC repair company. I had purchased a DOS version 5 from a company which was an international distributor of clone computers, etc. The DOS was represented as Microsoft...but it turned out to be n...
Re: I believe I have a way to defeat it...The problem is will you believe me!
2006-04-26
Anonymous
OK. This is either awesome or a sales scam. I would hope that one who claims to be able to "save the world" from rootkits would be altruistic enough to share the info without trying to capitalize on it. I suspect it's BS because it's out of character if a tech. Looks salesy to me....
Re: I believe I have a way to defeat it...I hope!!
2007-06-11
blu
We got hit by something vicious late Nov 2006. I am no expert but was led thru books, including a new one on 'bios level RT'. This thing spread from xp, hopped on Linux, macos even faster. Actually I found a big clue in the boot file off the mac. Not to go into detail, but I started considering it. T...
Researchers: Rootkits headed for BIOS
2006-05-25
Anonymous (4 replies)
I've been experiencing this technology since November 2005. It is extremely malicious, invasive and disruptive. I know that those perpetrating this crime are serious white collar criminals with a 20 year history in mainstream money laundering. It would be prudent for the community to note that Windo...
Re: Researchers: Rootkits headed for BIOS
2006-07-28
ABG (1 replies)
Now what do we do? How can we get this information from you and the proof that they are the creators?
I must have this information. They must surely pay the price for the destruction they have caused to all these lives involved.
My marriage was almost ruined due to it. Please help with mo...
Re: Re: Researchers: Rootkits headed for BIOS
2006-09-26
Anonymous (1 replies)
I too have experienced the same devastating symptoms. Purchasing new hardware, etc.. and it somehow came back. I have spent endless nights, weeks and months analyzing this horrific creation. Why someone would create such a piece of code is beyond me. I would like to know if anyone has had any s...
Re: Re: Re: Researchers: Rootkits headed for BIOS
2007-10-29
Anonymous
Recent findings. The vendor accidentally left something on my pc that implicates very big powerful corps. I can trust no one. Microsoft has all kinds of posts, essentially claiming many vendors changes to bios interferes with the OS. Intel has a disclaimer on their site re-vendor changes to their produc...
Re: Researchers: Rootkits headed for BIOS
2006-10-11
Anonymous (1 replies)
Same problem here. It looks like "they" are an international criminal organization with ties to drug dealing and some satanic cult. They are spreading in every city.
They first control your computers. Then will check your house, and in my case actually performed a vicious attack with sleeping gas ...
Re: Re: Researchers: Rootkits headed for BIOS
2006-11-13
Anonymous
I work for a research institute at a major university in the USA and can confirm the pervasive nature of this situation. I have seen symptoms of this malicious code at work on WinXP PCs, Macs, and linux PCs. We have a number of computational grids (clusters) and servers, but I do not administrate th...
Researchers: Rootkits headed for BIOS
2007-02-27
hylas (1 replies)
If anyone would like to contact me about this thread:
[hylas [AT] operamail {DOT} com]
...
Researchers: Rootkits headed for BIOS
2008-04-25
Anonymous (1 replies)
I have been fighting bios rootkits for 5 years. I was hacked by Russian hackers. It attacks motherboards, video cards, pci cards, DVD/CD firmware, hard drive mbr. So no matter what you do it is always protected. The only way to get rid of these rootkits is to replace the entire computer. No one believed me...
Re: Researchers: Rootkits headed for BIOS
2009-04-07
Anonymous
!!!!! PERMANENT BIOS ROOTKITS HAVE BEEN HERE FOR A DECADE !!!!!!
I have been attacked probably by the same Russian gang. Everyone's machine that I know has been captured by the BIOS based malware turning them into spamming and/or anonymous proxy BOTs. I believe my heavy metal home machine was a...

I don't know if I'm just reading this wrong, but did he mean to say Mac at the end of that quote?...