The malware was installed via drive-by exploits using a set of old Microsoft vulnerabilities, probably to stay under the radar during this 'beta' release stage. The whole timeline reads like a big development and malware QA plan; in fact, all the samples released in the initial period have close PE timestamps and very small changes in the code.
YOUR COMPUTER IS NOW STONED (...AGAIN!). THE RISE OF MBR ROOTKITS [f-secure.com] (pdf document)
Haven't finished the whole thing, but wow. Just wow.
I'm familiar with professional-level software development processes, and this looks like they're following a SPRINT model of development, which most likely means the virus writers are well educated, with probably some time in professional software development. It also means that this is being developed by a "team" of developers.
I'm both awed and appalled by the level of professionalism being devoted to this.
How would you recover from an infected BIOS? It's not like you can boot from a different hard drive or OS... that seems like the kind of thing that could totally destroy your system by rendering your motherboard inherently insecure.
How would you recover from an infected BIOS?
About 15 years ago, a virus emerged that wiped BIOSes (might have been called Doom - not sure). After that, most manufacturers implemented a "shadow" BIOS and a protected area that can't be flashed. In combination, this means that if you press the right key combination at startup, the original BIOS is magically restored. I had to do this once!
Kaled.