Win 8 Zero-Day Exploit

SeraphimLabs:
I've noticed a sharp rise in MBR and boot sector rootkits, and now, as part of a standard OS reload procedure, use a Linux LiveCD to run DD and zero the first 4GB of a drive before reinstalling the OS.

But I will be surprised if they find a way to reliably infect the BIOS. BIOS code varies widely from system to system as it is the hardware specific level providing glue between chipset and OS. For such a thing to be possible, it would have to target similarities in a particular vendor, such as Phoenix.

40hz:
Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.  :o
-40hz (November 04, 2012, 08:28 AM)
--- End quote ---

Well I wouldn't put it past Apple to poke holes in MS software, that's a cinch to see. But for MS to do it to themselves gets all into Tin Foil Hat territory that I don't wanna get dragged into : (
-TaoPhoenix (November 04, 2012, 09:06 AM)
--- End quote ---

Agree. But I doubt any of the companies would be stupid enough to do something like that.

But they're not the only stakeholders that would stand to benefit. Anybody holding significant stock positions would also do so. And these people are much more likely to resort to dirty tricks. Especially with the growing amount of hack talent coming out of certain state-sponsored university programs and "computer clubs."

Not all these black hats want to work for their governments. Many have found lucrative freelance work.

Global village. Global economy. Global market.  8)

f0dder:
Is there any example of BIOS infection in the wild? I would be a bit surprised to see this in generic malware, the complexity is relatively high and there's just so many different configurations out there - seems more like the kind of thing that would be used for more targeted attacks.

MBR and UEFI infections are a quite different story (while still nasty and somewhat complex to do).

40hz:
+1 w/f0dder. I'd be curious to see if one ever does surface that could affect a broad base of machines - although the likelihood does increase as the PC market becomes more and more the preserve of a small handful of companies. Which is one more argument for encouraging diversity in the OS and hardware market. The fewer varietals there are, the more effectively and reliably they can be targeted. Something that's been talked about for many years.

Can't speak for UEFI issues this early in the game. But like Stoic Joker, I've also seen MBR infections in the field these last few months. So I guess the genie is out of the bottle with that category of malware.
