First UEFI malware discovered

administrollaattori
Level 15
Posts: 5646
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland

Post by administrollaattori » Wed Oct 10, 2018 1:50 am

One good reason not to use UEFI.
https://arstechnica.com/information-tec ... -russians/
ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.

Pierre
Level 17
Posts: 7685
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: First UEFI malware discovered

Post by Pierre » Wed Oct 10, 2018 2:02 am

Yeah Well - was just a Matter of Time, really.
:roll:
Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system - being used in an attack by an adversary .. ..

gm10
Level 13
Posts: 4573
Joined: Thu Jun 21, 2018 5:11 pm

Re: First UEFI malware discovered

Post by gm10 » Wed Oct 10, 2018 3:04 am

administrollaattori wrote:
Wed Oct 10, 2018 1:50 am
One good reason not to use UEFI.
Bootkits exist for both BIOS and UEFI and have been around for a while:
https://www.webroot.com/blog/2011/09/13 ... -the-wild/

Faust
Level 4
Posts: 440
Joined: Thu Jul 14, 2016 3:40 am

Re: First UEFI malware discovered

Post by Faust » Wed Oct 10, 2018 4:32 am

gm10 wrote:
Wed Oct 10, 2018 3:04 am
Bootkits exist for both BIOS and UEFI and have been around for a while:
https://www.webroot.com/blog/2011/09/13 ... -the-wild/
Although outdated, that link makes for some fascinating reading.
Thanks for posting.

When the malware is dissected into steps like that, it clearly shows that no one step is actually that difficult,
at least not to anyone with a handful of coding skills, in a few key areas.
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .

gomerpile
Level 1
Level 1
Posts: 36
Joined: Mon Feb 01, 2016 1:44 pm

Re: First UEFI malware discovered

Post by gomerpile » Sun Oct 21, 2018 3:15 am

This is why TPMs are the best security one can get. Without one is like drinking and driving going through a ride check point.

administrollaattori
Level 15
Posts: 5646
Joined: Tue Sep 03, 2013 4:51 am
Location: Finland

Re: First UEFI malware discovered

Post by administrollaattori » Sun Oct 21, 2018 3:23 am

gomerpile wrote:
Sun Oct 21, 2018 3:15 am
This is why TPMs are the best security one can get. Without one is like drinking and driving going through a ride check point.
Even better is an old mechanical CMOS switch. Unfortunately, modern computers have no mechanical switches. :roll:

BG405
Level 7
Posts: 1557
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: First UEFI malware discovered

Post by BG405 » Sun Nov 04, 2018 2:46 pm

Easy fix, if you can get at the coin cell or reset jumper.

Easier prevention, don't run Windows or at least don't get software from untrusted sources; in particular piracy a.k.a. filesharing sites.
