Firmware Rootkits - detection 'tool' available?

Discussion in 'Computer Security' started by ~BD~, Sep 18, 2009.


    Proof of Americas 3rd world status:
    Cash for *who*?
    §ñühw¤£f, Sep 19, 2009

  2. §ñühw¤£f, Sep 19, 2009

  3. From: "~BD~" <>

    | Please explain just *how* you know that to be a *fact*.

    | Indeed, how would a user know that his/her machine had been compromised
    | in this way - especially now that modern machines are so much faster
    | than in days gone by?

    Speed of the PC has NOTHING to do with it.

    I know this to be a fact because there is NO insider information on the occurrence.

    In this thread nemo mentioned about a FireWire exploit. He read about it. I read about
    it and it was confirmed.

    The fact there is no BIOS/FirmWare malware/RootKit is a fact based upon knowledge on the

    Just because someone postulates the possibility does NOT mean there exists any.

    It is postulated that there is life in the universe outside of the sphere of our Earth.
    It has also been discussed that such life has visited Earth. You can discuss this as a
    possibility because it has NOT been proven to have happened.

    When you posted "However, have you considered that your BIOS may have been/could be
    infected? A whole new ball-game!"

    You were injecting pure FUD as nobody should be considering this unless they are wearing
    tin foil hats and expecting an invasion from Mars.
    David H. Lipman, Sep 20, 2009
  4. ~BD~

    Leythos Guest

    Your own history seems to indicate the statement is true.
    I've been working with computers, designing hardware, burning EPROMS,
    EEPROMS, and making PALS, and programming ROM's for 30+ years, or at
    least most of 30 years.

    I have NEVER seen a malware in the wild that rewrites a BIOS, have not
    read about one, have not read about anyone that has actually seen one in

    You need to put the tin-foil hat back on BD.
    Leythos, Sep 20, 2009
  5. ~BD~

    Aratzio Guest

    Oh you are very very special.
    Aratzio, Sep 20, 2009
  6. Aratzio <> pinched out a steaming pile

    You're a nice lady...

    §ñühw¤£f, Sep 20, 2009
  7. You forget this is usenet, you are not owed an answer, you may get one
    if someone else wants to spend the time to answer.

    If you do some research and pose an "interesting" question you'll have a
    better chance of a response.

    John Mason Jr, Sep 21, 2009
  8. Dave,

    You're usually reliable and helpful, but in this case you are unaware
    of a persistent BIOS rootkit that happened to be shipping with a
    variety of manufacturers' machines, highlighted at this year's
    BlackHat conference:

    and also you may have missed this from last year's CanSec West:
    daves_not_here, Sep 21, 2009
  9. From: "~BD~" <>

    | More detail here, too

    | My suspicion is that the 'bad guys' had discovered how to exploit this
    | long ago - pure conjecture, of course! ;)

    | I also don't think Mr Lipman has missed anything at all. I think *he*
    | knows full well what is happening on the Wild, Wild, Web but doesn't
    | want 'us' to know about it!

    | --
    | Dave

    These are NOT "in the wild". The CoreSecurity method is lab experiment.

    The Computer form of LoJack is not a third party RootKit nor really a RootKit but a
    possible exploitable vector.

    Promoting your suspicions, even with an appended smiley, is again injecting FUD.
    David H. Lipman, Sep 21, 2009
  10. ~BD~

    Leythos Guest

    Notice how IT SHIPPED ALREADY INSTALLED - that's significantly different
    than being installed by browsing a website....
    Leythos, Sep 21, 2009
  11. Consider this.
    It's pretty easy to discover what kind of motherboard/BIOS is running.

    Let's say, that my PC is running Award BIOS.

    Instead of injecting code into the existing BIOS, one could have an already
    made BIOS available, including malware - for flashing.
    As mentioned, one could have a library with BIOSes for every combination.
    BIOS can be downloaded from the vendors and 'patched', so it should be a 'no
    brainer' to flash the right BIOS to the right HW.
    Maybe, maybe not, I don't participate in this forum, so I don't know who is
    FUD'ing or not.
    Stig Johansen, Sep 22, 2009
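The defender's side of the "one image per board/BIOS combination" point above, as an added example that is not part of the thread: identify the BIOS from SMBIOS-style data, then compare the dumped image's SHA-256 with the known-good hash for exactly that vendor/version. The SMBIOS text, image bytes and manifest are constructed sample data, and the function names are mine; the useful extra it shows is the 'unknown' result, where no reference exists for the combination and the check proves nothing either way.

```python
"""Hardware-aware firmware hash check (added example, constructed data)."""
import hashlib
import re


def parse_smbios(text):
    """Pull Vendor/Version/Release Date out of dmidecode-style 'BIOS Information'."""
    fields = {}
    for key in ("Vendor", "Version", "Release Date"):
        m = re.search(rf"^\s*{key}:\s*(.+?)\s*$", text, re.M)
        if m:
            fields[key.lower().replace(" ", "_")] = m.group(1)
    return fields


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def verify_firmware(smbios_text, image, manifest):
    """Return (status, detail); status is 'match', 'mismatch' or 'unknown'.

    'unknown' is the edge case that matters: without a reference for this
    exact vendor/version the check says nothing, so it must not be read as clean.
    """
    info = parse_smbios(smbios_text)
    key = (info.get("vendor"), info.get("version"))
    if key not in manifest:
        return "unknown", "no reference hash for %s / %s" % key
    digest = sha256_hex(image)
    return ("match" if digest == manifest[key] else "mismatch"), digest


# --- constructed sample data: not real firmware, not real vendor hashes ---
SAMPLE_SMBIOS = ("BIOS Information\n\tVendor: Award Software International, Inc.\n"
                 "\tVersion: F7\n\tRelease Date: 03/12/2009\n")
GOOD_IMAGE = b"CONSTRUCTED-AWARD-F7-IMAGE" + bytes(range(256)) * 8
# Same size as the good image, a few body bytes altered.
TAMPERED_IMAGE = GOOD_IMAGE[:300] + b"\xff" * 16 + GOOD_IMAGE[316:]
# In practice the manifest is built from images fetched from the board vendor;
# here it is derived from the constructed good image so the example runs offline.
MANIFEST = {("Award Software International, Inc.", "F7"): sha256_hex(GOOD_IMAGE)}

if __name__ == "__main__":
    print(verify_firmware(SAMPLE_SMBIOS, GOOD_IMAGE, MANIFEST))      # match
    print(verify_firmware(SAMPLE_SMBIOS, TAMPERED_IMAGE, MANIFEST))  # mismatch
    # Version F8 has no entry in the manifest: result is 'unknown', not 'match'.
    print(verify_firmware(SAMPLE_SMBIOS.replace("F7", "F8"), GOOD_IMAGE, MANIFEST))
```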
  12. That was one of the prevailing arguments against selling IBM's laptop line to
    the Chinese. Lenovos would be preconfigured to spy on their users.

    §ñühw¤£f, Oct 1, 2009
