Computer Security - Firmware Rootkits - detection 'tool' available?
#31

David H. Lipman wrote:
> Just consider the idea of flashing a BIOS. Whose BIOS ? Phoenix, Award
> ??? For what system ?

Consider this. It's pretty easy to discover what kind of Motherboard/bios that's running. Let's say, that my PC is running Award BIOS. Instead of injecting code into the existing BIOS, one could have an already made BIOS available, including malware - for flashing.

> Take an Award BIOS for motherboard X. If you try to flash Motherboard X
> with Award BIOS for motherboard Y, you'll have a dead system.

As mentioned, one could have a library with BIOSes for every combination. BIOS can be downloaded from the vendors and 'patched', so it should be a 'no brainer' to flash the right BIOS to the right HW.

> Thus the idea of infecting BIOS (at this time) is pure FUD and BoaterDave
> is showing his trolling nature.

Maybe, maybe not, I don't participate in this forum, so I don't know who is FUD'ing or not.

--
Kind regards
Stig Johansen
#32

In message <zd2dnYYlh->, ~BD~ wrote:
> On 21/09/2009 13:04, Leythos wrote:
> > In article< >,
> > says...
> >> You're usually reliable and helpful, but in this case you are unaware
> >> of a persistent BIOS rootkit that happened to be shipping with a
> >> variety of manufacturer's machines, highlighted at this year's
> >> BlackHat conference:
> >>
> >
> > Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
> > than being installed by browsing a website....
> >
>
> What if *lots* of components (which are produced ..... let's say, in the
> far east) were 'infected' in manufacture - might folk in the west be
> hood-winked?
>
> Just a thought!
>

That was one of the prevailing arguments against selling IBM's laptop line to the Chinese. Lenovos would be preconfigured to spy on their users. ^_^

--
http://www.care2.com/click-to-donate/wolves/
Proof of Americas 3rd world status: http://www.ramusa.org/
Cash for *who*? http://www.bartcop.com/list-the-facts.htm
http://www.pavlovianobeisance.com/
§ñühw¤£f
#33

On Sat, 19 Sep 2009 16:13:00 -0400, David H. Lipman wrote:
> From: "nemo_outis" <>
>
>| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>| news::
>
>| ...
>>>| While you're worrying, you might want to worry about *other* BIOSes
>>>| besides the motherboard one. For instance, video cards have a BIOS
>>>| and many ethernet cards do as well (as do SCSI cards and other less
>>>| common possibilities). In principle any of these could harbour
>>>| malware.
>
>>> In principle but not yet in actuality.
>
>| We agree on my qualification: in principle. To my knowledge there's
>| nothing "in the wild." Yet!
>
>| However, if I were targeting a BIOS for malware insertion a graphics
>| card would have considerable appeal.
>
>| For instance, nVidia has for a long time supported direct programming of
>| the GPU (that's "G" not "C") through CUDA (and ATI more recently with
>| Stream) using high-level languages such as C. The GPU is a very
>| powerful processor and, to my knowledge, no anti-virus (or other
>| anti-malware) program even looks at it as a threat source. Very likely
>| a compromise of the graphics BIOS could be leveraged to use this
>| separate processor.
>
>| Vaguely redolent of how a FireWire DMA attack completely bypasses the
>| CPU and therefore any anti-virus programs.
>
>| Regards,
>
> I remember reading about the FireWire exploitation,

No ****ing ****. Thx for that post.

--
http://tr.im/1fa3
Jeffrey Bloss