First UEFI malware discovered

kukamuumuka


Post by kukamuumuka »

One good reason not to use UEFI.
https://arstechnica.com/information-tec ... -russians/
ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive replacement. While the malware had been spotted previously, ESET’s research is the first to show that it was actively attacking the firmware of computers to establish a tenacious foothold.
Pierre

Re: First UEFI malware discovered

Post by Pierre »

Yeah, well, it was just a matter of time, really.
:roll:
Dubbed “LoJax,” the malware is the first case of an attack leveraging the Unified Extensible Firmware Interface (UEFI) boot system being used in an attack by an adversary ...
gm10

Re: First UEFI malware discovered

Post by gm10 »

administrollaattori wrote: Wed Oct 10, 2018 1:50 am One good reason not to use UEFI.
Bootkits exist for both BIOS and UEFI and have been around for a while:
https://www.webroot.com/blog/2011/09/13 ... -the-wild/
Faust

Re: First UEFI malware discovered

Post by Faust »

gm10 wrote: Wed Oct 10, 2018 3:04 am Bootkits exist for both BIOS and UEFI and have been around for a while:
https://www.webroot.com/blog/2011/09/13 ... -the-wild/
Although outdated, that link makes for some fascinating reading.
Thanks for posting.

When the malware is dissected into steps like that, it clearly shows that no one step is actually that difficult,
at least not to anyone with a handful of coding skills in a few key areas.
gomerpile

Re: First UEFI malware discovered

Post by gomerpile »

This is why TPMs are the best security one can get. Without one, it is like drinking and driving going through a ride checkpoint.
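As an added illustration of the TPM point above (this is example code written for this page, not something posted in the thread and not ESET's or anyone else's tooling): a TPM does not stop firmware from being rewritten, but measured boot hashes each firmware stage into PCR0 before it runs, so an extra DXE driver sitting in SPI flash changes the final PCR value even though the OS install and the disk are untouched. The script below simulates that: it models TPM2_PCR_Extend as SHA-256(old_PCR || digest) starting from 32 zero bytes, replays a constructed event log for a clean boot and for one with an added firmware module, and compares the result to a golden PCR0. The "firmware volumes", event names and the golden value are all constructed for the example; a real check would read the TCG event log and the live PCRs with tpm2-tools, which this script deliberately does not do so that it runs offline.

```python
"""Simulated measured boot: why a firmware implant shows up in TPM PCR0.

Added example, not code from the forum thread. Assumptions (all constructed):
  - PCR extend follows the TPM rule new = H(old || digest) with SHA-256,
    starting from 32 zero bytes (the reset value of PCR0).
  - The "firmware volumes" below are byte strings standing in for real
    flash regions; the event names mimic TCG event types but are labels only.
  - A real system would read /sys/kernel/security/tpm0/binary_bios_measurements
    and `tpm2_pcrread`; nothing here touches hardware, so it runs offline.
"""
import hashlib
import hmac
from typing import Dict, List, Sequence, Tuple

PCR_SIZE = 32  # SHA-256 bank
Event = Tuple[str, bytes]  # (event label, measured firmware blob)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics. Because the old value is hashed together
    with the new digest, measurements can only be appended: removing,
    reordering or altering one changes every value that follows."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be SHA-256 sized")
    return sha256(pcr + digest)


def replay_pcr(digests: Sequence[bytes]) -> bytes:
    """Replay an event log (already-hashed entries) into PCR0 from reset."""
    pcr = bytes(PCR_SIZE)
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr


def event_digests(events: Sequence[Event]) -> List[bytes]:
    return [sha256(blob) for _, blob in events]


# Constructed clean boot: the stages SEC/PEI measure into PCR0 on a real box.
CLEAN_BOOT: List[Event] = [
    ("EV_S_CRTM_VERSION", b"CRTM v1.0 (constructed)"),
    ("EV_POST_CODE PEI", b"PEI core (constructed)"),
    ("EV_EFI_PLATFORM_FIRMWARE_BLOB DXE", b"DXE core + drivers (constructed)"),
]

# Same machine after an extra DXE driver was written into SPI flash. The OS
# and disk are identical, which is exactly the case the thread is about.
IMPLANTED_BOOT: List[Event] = CLEAN_BOOT[:2] + [
    ("EV_EFI_PLATFORM_FIRMWARE_BLOB DXE",
     b"DXE core + drivers (constructed)" + b"\x00EXTRA_DXE_DRIVER (constructed)"),
]


def attest(observed: Sequence[Event], golden: Sequence[Event]) -> Dict[str, object]:
    """Compare the PCR0 a boot would produce against the golden boot's PCR0.

    The verdict comes only from the final PCR values (that is what a remote
    attester or a sealed key sees); the event log is then used to point at
    the first entry that diverges, which is where to look in the flash image.
    """
    obs_digests = event_digests(observed)
    gold_digests = event_digests(golden)
    obs_pcr = replay_pcr(obs_digests)
    gold_pcr = replay_pcr(gold_digests)
    ok = hmac.compare_digest(obs_pcr, gold_pcr)
    first_bad = -1
    if not ok:
        first_bad = len(gold_digests)  # default: log length differs only
        for i, (o, g) in enumerate(zip(obs_digests, gold_digests)):
            if o != g:
                first_bad = i
                break
    return {"ok": ok, "pcr0": obs_pcr.hex(), "first_divergent_event": first_bad}


if __name__ == "__main__":
    for name, boot in (("clean", CLEAN_BOOT), ("implanted", IMPLANTED_BOOT)):
        r = attest(boot, CLEAN_BOOT)
        print(f"{name:9s} ok={r['ok']} pcr0={r['pcr0'][:16]}... "
              f"first_divergent_event={r['first_divergent_event']}")
```

The design point: a key sealed to the golden PCR0, or a remote attester holding that value, never has to know what the implant is; any change to the measured flash regions makes the replayed PCR differ, and the event log then tells you which stage to dump and diff. This is also why clearing CMOS does nothing here: PCR0 measures the SPI flash contents, not the settings stored in CMOS RAM.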
kukamuumuka

Re: First UEFI malware discovered

Post by kukamuumuka »

gomerpile wrote: Sun Oct 21, 2018 3:15 am This is why TPMs are the best security one can get. Without one, it is like drinking and driving going through a ride checkpoint.
Even better is an old mechanical CMOS switch. Unfortunately, modern computers have no mechanical switches. :roll:
BG405

Re: First UEFI malware discovered

Post by BG405 »

Easy fix, if you can get at the coin cell or reset jumper.

Easier prevention: don't run Windows, or at least don't get software from untrusted sources, in particular piracy (a.k.a. filesharing) sites.