Where malware could hide - not just hard drives and RAM?

Discussion in 'malware problems & news' started by Tipsy, Jun 18, 2014.

Thread Status:
Not open for further replies.
  1. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    The big malware scanner companies for average consumers make it seem like you just run a simple scanner for your drives and you are protected. But if what this commenter says is true, the problem could maybe be much worse for some special users:
    from comments for Schneier blog article
    https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

    There is no such scanner from Norton or Avast etc. for those kinds of hiding places.
     
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    The thing with the idea of firmware or BIOS level infections is that it'd be a large amount of work to successfully do. I mean, anyone who's ever flashed a mainboard, or router or graphics card can tell you a lot of things can go wrong in just flashing it (there's always a chance you'll brick the device). But then also being able to add the malicious bit to the actual firmware/BIOS (which has a limited amount of space as is sometimes) AND have the machine stable afterwards... It's not impossible, but you'd have to be targeted in advance for someone to successfully pull that off, I'd think. Or it'd have to rely on a VERY COMMON model of hardware that a lot of people use (modem, router, mainboard etc.).

    To check for that kind of infection I'd imagine you'd have to track down all the firmware/BIOS for your hardware and then try to dump/backup your current firmware and compare them. (and that'd be a task). And because such a thing would be not as widespread as your average malware I highly doubt AVs could pick it up even if they tried (cause they too would have to have an archive of official firmware/BIOS for a ton of devices to compare).
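The dump-and-compare check described in the post above, sketched as an added example that is not part of the original thread. It assumes you already have a raw firmware dump and a raw vendor reference image aligned at offset 0; the function names, the sample images and the "volatile" settings region are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity (a common SPI flash sector size)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def diff_ranges(dump: bytes, reference: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where the dump differs."""
    ranges = []
    length = max(len(dump), len(reference))  # a size mismatch counts as a difference
    for off in range(0, length, block):
        if dump[off:off + block] != reference[off:off + block]:
            end = min(off + block, length)
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)  # extend the adjacent range
            else:
                ranges.append((off, end))
    return ranges

def compare(dump: bytes, reference: bytes, volatile=()):
    """Split differences into expected (fully inside a region known to hold
    per-machine settings) and unexplained (everything else)."""
    if sha256(dump) == sha256(reference):
        return {"match": True, "expected": [], "unexplained": []}
    expected, unexplained = [], []
    for start, end in diff_ranges(dump, reference):
        inside = any(v0 <= start and end <= v1 for v0, v1 in volatile)
        (expected if inside else unexplained).append((start, end))
    return {"match": False, "expected": expected, "unexplained": unexplained}

# Constructed sample data: a 64 KiB "vendor image" and a dump of it in which
# a settings area and one byte elsewhere have changed.
REFERENCE = bytes(range(256)) * 256
_dump = bytearray(REFERENCE)
_dump[0x4000:0x4010] = b"\xff" * 16   # change inside the settings region
_dump[0xA123] ^= 0x01                 # single-byte change outside it
DUMP = bytes(_dump)
SETTINGS_REGION = [(0x4000, 0x6000)]  # assumed layout, for illustration only

if __name__ == "__main__":
    result = compare(DUMP, REFERENCE, SETTINGS_REGION)
    for kind in ("expected", "unexplained"):
        for start, end in result[kind]:
            print(f"{kind:12s} 0x{start:06x}-0x{end:06x}")
```

A difference that straddles the edge of a volatile region is reported as unexplained, so the check errs toward manual review.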
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  5. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    And now we have this

    "USB devices such as keyboards, thumb-drives and mice can be used to hack into personal computers in a potential new class of attacks that evade all known security protections, a top computer researcher has revealed.

    Karsten Nohl, chief scientist with Berlin's SR Labs, noted that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.
    . . .
    Computers do not detect the infections when tainted devices are inserted because anti-virus programs are only designed to scan for software written onto memory and do not scan the "firmware" that controls the functioning of those devices, he said."


    http://www.brisbanetimes.com.au/it-...-attacks-researcher-warns-20140731-zz8cx.html
     
  6. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    from same article above

    "In his tests, Nohl said he was able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route internet traffic through malicious servers.

    Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact."
     