Kaspersky - 25 July 2022 CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/ Long article. Read more there.
A very special thing, all worked out, so they know what they are doing. Nothing to be fooled with, but if somehow undiscovered, it begs the question where it goes and what it does exactly, and for what purpose. Imagine if it's been undetected even by the highest AV experts. The very nickname suggests as much.
There used to be an oriental-fashioned file a user could apply that instantly detected if UEFI was introduced to something out of the ordinary; you could click an alert box to abort. Can't remember it now.
Hi EASTER, I'm afraid that my English is not good enough to understand what you are saying. Sorry, it is somewhat abracadabra to me ...
In a manner of speaking. If I remember right, it was a file that prevented ANY rootkit attaching to the MBR, which I now think may have been only for MBR, not UEFI. But I have seen similar experimental tries on the reboot.pro forums. Haven't browsed there in a long while, but there was some promise to what some freelance developers were attempting to cook up to prevent UEFI rootkits attaching to the system. In a way, if something WAS effective, you could be right on the abracadabra.

AskWoody opened discussion on this same issue at the top of this year: https://www.askwoody.com/forums/topic/warning-moonbounce-malware-uefi-boot-rootkit/

Seems reboot.pro is still online, where Joakim Schicht issued many safe, workable programs that delved into these low-level issues. I still use Raw Copy myself and other really good apps he devised. He was a very active member of that forum, reboot.pro: https://github.com/jschicht

Also, courtesy of Major Geeks: https://www.majorgeeks.com/files/details/uefitool.html. If it's of any interest, UEFITool allows the modification, parsing, and extraction of UEFI firmware images.

Wow, this topic has my gears spinning on high! I thoroughly enjoy such subjects. Also, Eric Zimmerman has a plethora of internal deep-extract-and-look tools.
Microsoft says WD has had a built-in UEFI scanner as of 2020: https://www.microsoft.com/security/...osoft-defender-atp-protection-to-a-new-level/