nobody > wrote:
> The badasses have been trying to write a BIOS
> rootkit for how many years now? Have we seen one yet? Do Sacco and
> Ortega know something that the malware writers don't?
>
I've read many of your posts and respect your depth of knowledge.
Perhaps I have misunderstood, but I thought that one of the objectives
of *serious* 'malware' is to operate *unobserved*.
Tell me, if the "badasses" as you call them have actually been
successful, *how* would you know?
You will only be able to read about such things once they come to light
(think viruses 'in the wild'!).
> Just consider the idea of flashing a BIOS. Whose BIOS? Phoenix, Award
> ??? For what system?
Consider this.
It's pretty easy to discover what kind of motherboard/BIOS is running.
Let's say that my PC is running an Award BIOS.
Instead of injecting code into the existing BIOS, one could have a ready-made
BIOS available, including malware, for flashing.
> Take an Award BIOS for motherboard X. If you try to flash Motherboard X
> with Award BIOS for motherboard Y, you'll have a dead system.
As mentioned, one could have a library with BIOSes for every combination.
BIOSes can be downloaded from the vendors and 'patched', so it should be a 'no
brainer' to flash the right BIOS to the right HW.
> Thus the idea of infecting BIOS (at this time) is pure FUD and BoaterDave
> is showing his trolling nature.
Maybe, maybe not. I don't participate in this forum, so I don't know who is
FUD'ing or not.
On 21/09/2009 17:46, Ant wrote:
> "~BD~" wrote:
>> Now, not just for me - but for everyone else reading this thread too -
>
> I'm reading and I don't need an explanation.
>
>> please explain just *how* you *know* that there are no "in the wild"
>> methods of adding malware to parts of a computer other than the hard disk.
>
> Some of us in alt.computer.security (me included) research malware and
> have contact with other researchers, some of whom do it for a living;
> for example, they might work for an anti-virus company and have access
> to thousands of current samples. I also keep up to date with what's
> going on "in the wild" by following various security blogs and forums.
>
>> Just because *you* have never heard about it - does that make it a fact?
>
> Probably, because David does the same sort of thing and if there had
> been any news he/I would have heard about it.
>
>
Thanks for your views, Ant.
I *do* understand what you say - my point is that you will *only* know
about such things (if they *do* exist!) once it is discovered and made
'public'!
On 21/09/2009 13:04, Leythos wrote:
> In article<84tyywx2zv84skegx2zv__84r5u0x2zv@yahoo.com >,
> daves_not_here@SD235235.org says...
>> You're usually reliable and helpful, but in this case you are unaware
>> of a persistent BIOS rootkit that happened to be shipping with a
>> variety of manufacturer's machines, highlighted at this year's
>> BlackHat conference:
>>
>
> Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
> than being installed by browsing a website....
>
>
What if *lots* of components (which are produced ..... let's say, in the
far east) were 'infected' in manufacture - might folk in the west be
hood-winked?
In message <zd2dnYYlh-YtYFnXnZ2dnUVZ8r2dnZ2d@bt.com>, ~BD~ wrote:
> On 21/09/2009 13:04, Leythos wrote:
> > In article<84tyywx2zv84skegx2zv__84r5u0x2zv@yahoo.com >,
> > daves_not_here@SD235235.org says...
> >> You're usually reliable and helpful, but in this case you are unaware
> >> of a persistent BIOS rootkit that happened to be shipping with a
> >> variety of manufacturer's machines, highlighted at this year's
> >> BlackHat conference:
> >>
> >
> > Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
> > than being installed by browsing a website....
> >
> >
> What if *lots* of components (which are produced ..... let's say, in the
> far east) were 'infected' in manufacture - might folk in the west be
> hood-winked?
>
> Just a thought! ;)
>
That was one of the prevailing arguments against selling IBM's laptop line to
the Chinese. Lenovos would be preconfigured to spy on their users.
On 01/10/2009 21:34, §ñühw¤£f wrote:
> In message<zd2dnYYlh-YtYFnXnZ2dnUVZ8r2dnZ2d@bt.com>, ~BD~ wrote:
>> On 21/09/2009 13:04, Leythos wrote:
>>> In article<84tyywx2zv84skegx2zv__84r5u0x2zv@yahoo.com >,
>>> daves_not_here@SD235235.org says...
>>>> You're usually reliable and helpful, but in this case you are unaware
>>>> of a persistent BIOS rootkit that happened to be shipping with a
>>>> variety of manufacturer's machines, highlighted at this year's
>>>> BlackHat conference:
>>>>
>>>
>>> Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
>>> than being installed by browsing a website....
>>>
>>>
>> What if *lots* of components (which are produced ..... let's say, in the
>> far east) were 'infected' in manufacture - might folk in the west be
>> hood-winked?
>>
>> Just a thought! ;)
>>
>
> That was one of the prevailing arguments against selling IBM's laptop line to
> the Chinese. Lenovos would be preconfigured to spy on their users.
>
> ^_^
>
Food for more thought then! That 'rogue' machine of mine had a
motherboard made by MSI ...... Hmmmm! I wonder! <beg>
On Sat, 19 Sep 2009 16:13:00 -0400, David H. Lipman wrote:
> From: "nemo_outis" <abc@xyz.com>
>
>| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>| news:h92dgn02n5b@news3.newsguy.com:
>
>| ...
>>>| While you're worrying, you might want to worry about *other* BIOSes
>>>| besides the motherboard one. For instance, video cards have a BIOS
>>>| and many ethernet cards do as well (as do SCSI cards and other less
>>>| common possibilities). In principle any of these could harbour
>>>| malware.
>
>>> In principle but not yet in actuality.
>
>| We agree on my qualification: in principle. To my knowledge there's
>| nothing "in the wild." Yet!
>
>| However, if I were targeting a BIOS for malware insertion a graphics
>| card would have considerable appeal.
>
>| For instance, nVidia has for a long time supported direct programming of
>| the GPU (that's "G" not "C") through CUDA (and ATI more recently with
>| Stream) using high-level languages such as C. The GPU is a very
>| powerful processor and, to my knowledge, no anti-virus (or other
>| anti-malware) program even looks at it as a threat source. Very likely
>| a compromise of the graphics BIOS could be leveraged to use this
>| separate processor.
>
>| Vaguely redolent of how a FireWire DMA attack completely bypasses the
>| CPU and therefore any anti-virus programs.
>
>| Regards,
>
> I remember reading about the FireWire exploitation,