
Thread: Firmware Rootkits - detection 'tool' available?

  1. #61
    ~BD~
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    nobody > wrote:
    > The badasses have been trying to write a BIOS
    > rootkit for how many years now? Have we seen one yet? Do Sacco and
    > Ortega know something that the malware writers don't?
    >


    I've read many of your posts and respect your depth of knowledge.

    Perhaps I have misunderstood, but I thought that one of the objectives
    of *serious* 'malware' is to operate *unobserved*.

    Tell me, if the "badasses" as you call them have actually been
    successful, *how* would you know?

    You will only be able to read about such things once they come to light
    (think viruses 'in the wild'!).

    --
    Dave

  2. #62
    Stig Johansen
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    David H. Lipman wrote:

    > Just consider the idea of flashing a BIOS. Whose BIOS ? Phoenix, Award
    > ??? For what system ?


    Consider this.
    It's pretty easy to discover what kind of Motherboard/bios that's running.

    Let's say, that my PC is running Award BIOS.

    Instead of injecting code into the existing BIOS, one could have an already
    made BIOS available, including malware - for flashing.

    > Take an Award BIOS for motherboard X. If you try to flash Motherboard X
    > with Award BIOS for motherboard Y, you'll have a dead system.


    As mentioned, one could have a library with BIOSes for every combination.
    BIOS can be downloaded from the vendors and 'patched', so it should be a 'no
    brainer' to flash the right BIOS to the right HW.

    > Thus the idea of infecting BIOS (at this time) is pure FUD and BoaterDave
    > is showing his trolling nature.


    Maybe, maybe not, I don't participate in this forum, so I don't know who is
    FUD'ing or not.

    --
    Kind regards
    Stig Johansen

  3. #63
    ~BD~
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    On 21/09/2009 17:46, Ant wrote:
    > "~BD~" wrote:
    >> Now, not just for me - but for everyone else reading this thread too -

    >
    > I'm reading and I don't need an explanation.
    >
    >> please explain just *how* you *know* that there are no "in the wild"
    >> methods of adding malware to parts of a computer other than the hard disk.

    >
    > Some of us in alt.computer.security (me included) research malware and
    > have contact with other researchers, some of whom do it for a living;
    > for example, they might work for an anti-virus company and have access
    > to thousands of current samples. I also keep up to date with what's
    > going on "in the wild" by following various security blogs and forums.
    >
    >> Just because *you* have never heard about it - does that make it a fact?

    >
    > Probably, because David does the same sort of thing and if there had
    > been any news he/I would have heard about it.
    >
    >


    Thanks for your views, Ant.

    I *do* understand what you say - my point is that you will *only* know
    about such things (if they *do* exist!) once it is discovered and made
    'public'!

    --
    Dave

  4. #64
    ~BD~
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    On 21/09/2009 13:04, Leythos wrote:
    > In article<84tyywx2zv84skegx2zv__84r5u0x2zv@yahoo.com>,
    > daves_not_here@SD235235.org says...
    >> You're usually reliable and helpful, but in this case you are unaware
    >> of a persistent BIOS rootkit that happened to be shipping with a
    >> variety of manufacturer's machines, highlighted at this year's
    >> BlackHat conference:
    >>

    >
    > Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
    > than being installed by browsing a website....
    >
    >

    What if *lots* of components (which are produced ..... let's say, in the
    far east) were 'infected' in manufacture - might folk in the west be
    hood-winked?

    Just a thought! ;)

    --
    Dave

  5. #65
    hwf
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    In message <zd2dnYYlh-YtYFnXnZ2dnUVZ8r2dnZ2d@bt.com>, ~BD~ wrote:
    > On 21/09/2009 13:04, Leythos wrote:
    > > In article<84tyywx2zv84skegx2zv__84r5u0x2zv@yahoo.com>,
    > > daves_not_here@SD235235.org says...
    > >> You're usually reliable and helpful, but in this case you are unaware
    > >> of a persistent BIOS rootkit that happened to be shipping with a
    > >> variety of manufacturer's machines, highlighted at this year's
    > >> BlackHat conference:
    > >>

    > >
    > > Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
    > > than being installed by browsing a website....
    > >
    > >

    > What if *lots* of components (which are produced ..... let's say, in the
    > far east) were 'infected' in manufacture - might folk in the west be
    > hood-winked?
    >
    > Just a thought! ;)
    >


    That was one of the prevailing arguments against selling IBM's laptop line to
    the Chinese. Lenovos would be preconfigured to spy on their users.

    ^_^

    --
    http://www.care2.com/click-to-donate/wolves/
    Proof of Americas 3rd world status:
    http://www.ramusa.org/
    Cash for *who*?
    http://www.bartcop.com/list-the-facts.htm
    http://www.pavlovianobeisance.com/


  6. #66
    Jeffrey Bloss
    Guest

    Re: Firmware Rootkits - detection 'tool' available?

    On Sat, 19 Sep 2009 16:13:00 -0400, David H. Lipman wrote:

    > From: "nemo_outis" <abc@xyz.com>
    >
    >| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    >| news:h92dgn02n5b@news3.newsguy.com:
    >
    >| ...
    >>>| While you're worrying, you might want to worry about *other* BIOSes
    >>>| besides the motherboard one. For instance, video cards have a BIOS
    >>>| and many ethernet cards do as well (as do SCSI cards and other less
    >>>| common possibilities). In principle any of these could harbour
    >>>| malware.

    >
    >>> In principle but not yet in actuality.

    >
    >| We agree on my qualification: in principle. To my knowledge there's
    >| nothing "in the wild." Yet!
    >
    >| However, if I were targeting a BIOS for malware insertion a graphics
    >| card would have considerable appeal.
    >
    >| For instance, nVidia has for a long time supported direct programming of
    >| the GPU (that's "G" not "C") through CUDA (and ATI more recently with
    >| Stream) using high-level languages such as C. The GPU is a very
    >| powerful processor and, to my knowledge, no anti-virus (or other
    >| anti-malware) program even looks at it as a threat source. Very likely
    >| a compromise of the graphics BIOS could be leveraged to use this
    >| separate processor.
    >
    >| Vaguely redolent of how a FireWire DMA attack completely bypasses the
    >| CPU and therefore any anti-virus programs.
    >
    >| Regards,
    >
    > I remember reading about the FireWire exploitation,


    No ****ing ****. Thx for that post.
    --
    http://tr.im/1fa3
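
Added example, not part of the thread or any poster's code: the video, ethernet and SCSI card BIOSes raised in the last post are PCI expansion ROMs with a documented header, so a dump can be walked image by image, checksummed and hashed against a known-good baseline. The device ID 1234:5678, the sample bytes and the baseline source (a vendor image or a known-good machine) are assumptions.

```python
import hashlib
import struct

# Added example; device 1234:5678 and all sample bytes are constructed.
def parse_option_rom(blob):
    """Return one record per image in a PCI expansion ROM dump."""
    images, off = [], 0
    while off + 0x1A <= len(blob) and blob[off:off + 2] == b"\x55\xaa":
        pcir = off + struct.unpack_from("<H", blob, off + 0x18)[0]
        if pcir + 0x16 > len(blob) or blob[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"image at {off:#x}: bad PCI data structure")
        vendor, device = struct.unpack_from("<HH", blob, pcir + 4)
        length = struct.unpack_from("<H", blob, pcir + 0x10)[0] * 512
        code_type, indicator = blob[pcir + 0x14], blob[pcir + 0x15]
        if length == 0 or off + length > len(blob):
            raise ValueError(f"image at {off:#x}: length runs past the dump")
        image = blob[off:off + length]
        images.append({
            "offset": off,
            "id": f"{vendor:04x}:{device:04x}",
            "code_type": code_type,   # 0 = legacy x86, 3 = EFI
            # Legacy x86 images must sum to zero modulo 256.
            "checksum_ok": code_type != 0 or sum(image) % 256 == 0,
            "sha256": hashlib.sha256(image).hexdigest(),
        })
        if indicator & 0x80:          # bit 7 marks the last image
            break
        off += length
    return images

def audit(blob, baseline):
    """List images that fail the checksum or differ from the baseline hash."""
    findings = []
    for img in parse_option_rom(blob):
        if not img["checksum_ok"]:
            findings.append((img["offset"], "checksum mismatch"))
        if baseline.get(img["id"]) != img["sha256"]:
            findings.append((img["offset"], "hash not in baseline"))
    return findings

def build_sample(fill=0x90):
    """Constructed 512-byte legacy image for a made-up device 1234:5678."""
    rom = bytearray([fill]) * 512
    rom[0:3] = b"\x55\xaa\x01"                    # signature, size in blocks
    struct.pack_into("<H", rom, 0x18, 0x1C)       # pointer to "PCIR"
    rom[0x1C:0x34] = struct.pack("<4sHHHHB3sHHBBH", b"PCIR", 0x1234, 0x5678,
                                 0, 0x18, 0, b"\x00\x00\x03", 1, 0, 0, 0x80, 0)
    rom[-1] = -sum(rom[:-1]) % 256                # fix up the checksum byte
    return bytes(rom)
```

A passing checksum only shows the image is well-formed; the hash comparison against an independently obtained baseline is what flags a modified ROM.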
