Can spying software stays after wiping your HD?

Is there any key logger or some other kind spying software that stays in the system even after you wipe the whole hard drive or physically replace the hard drive?

 

Well, there are hardware keyloggers which can only be removed physically (they are somewhat hard to spot since most devices are small) . As far as I know it's impossible for a keylogger to "survive" a HD wipe (let alone replacing one).

 

Although it's theoretically possible for certain types of specialized malware to infect the memory of certain types of hardware (infecting the bios, the video card, etc.), it's quite a rare occurrence and I've never heard of anyone who actually ran across it.

There are other ways to create a seemingly persistent security hole. Some require physical presence (hardware keyloggers, hidden cameras, etc.) and others can be done via a variety of targeted online attacks.

Why do you ask? Are you having trouble clearing an apparent malware infection?

 

Could such hardware be hidden inside a laptop?

 

Unfortunately.....yes
http://www.keycarbon.com/products/keycarbon_laptop/overview/

 

dsniff on the router.

Clean the computer all you want. When you reconnect to Inet, all you traffic belong to ?. Man-in the-middle, reinstall malware on system. You pwned.
Run all the Virtual software you want, all of the sandboxes you want, we be there waiting, watching.

You will have a big ? on your face, tech minds will be like "GTFO".

What does it take to fix the above scenario?
Wipe + reflash router + change IP. Not easy, malware is on both.

 

Malware gets into your wireless router?

 

Folks,

Let's stay firmly planted in current reality and minimize the hypotheticals (yes - some of those hypotheticals are physically possible, but in the absence of some additional information here, they should be considered implausible for the current discussion).

Rubberducky - is the question a hypothetical or are you assessing a current issue? If the latter, more context is needed.

Blue

 

There is "Bluepill" which is a project started by a few researchers a few years ago that can put rootkits in the BIOS that are undetectable. However, this has nothing to do with the hard drive.

There is also the possibility that your CPU could have malicious microcode in it. This would allow someone to pwn your computer regardless of the OS used or what security precautions you took. Of course, this would mean AMD or Intel are malicious, which I strongly doubt. However, we will always have to wonder "who watches the watchers." It is not outside the realm of possibility that the NSA has a deal with the chip makers to put backdoors in the code. I doubt this is happening, but there is no way to prove anything.

We also have to be weary of hardware made in hostile countries like China. I know, for example, that the military will not allow hardware that has not been thoroughly vetted by their own experts to be ran in sensitive arenas. In other words, if they don't have access to all the datasheets and microcode, etc., it doesn't get used. This is to thwart the potential for abuse which can be done by malicious hardware makers.

But, to answer your question, if you overwrite the entire hard drive, there will be no way malware can survive it. This is assuming you overwrite everything, including HPA areas. This will be easy to do if you use the hard drive's built in secure erase function.

 

In theory malicious code can be inserts on the machine hardware-level (BIOS for example) and can propagate to the boot sectors of hard disk, even if it is changed. But in practice, I don't know whether anti-virus companies have found pests like these in real operation.

This means that very unlikely to happen that even replacing the hard disk or by wiping whole still remains a malicious software.

In any case, monitor data traffic and all outbound connections when the computer is in use help in the identification of any malware installed. And make the correct conclusions.

 

Google "router rootkit"
Don't be satisfied with just a spin story, used to manage a public panic, of Cisco IOS.

Don't think just router zombie, many cable boxes, FiOS, Comcast, Cox, may be as vulnerable.
Super redundant malware.

Law enforcement would like it, can monitor all suspects without fear of them being discovered and cleaned.
Malware authors would like for the same reasons, you pwned.

What about MITM your Google results? A sort of social engineering technique to hide the attack and make the true threat harder to detect.

[drama=As the HDD Turns]
This gives a new meaning to an online poker playing career.
What would stop someone from installing onto a router and MITM you till you lose. "You can't win!" hits home hard. The loss in the expectation of fairness destroys your confidence in the systems you thought were secure. You become listless in your online poker career, jaded by the reality of being middled. You now just post on forums waiting for the world to catch up to the reality you experienced.[/drama]

On close inspection this type of exploitation renders securing your PC impotent. Only one question, is it really out there?

Router compromises became public in 2006. How long has it been leveraged before it was "Discovered"? How many devices are susceptible?
psybot

Decide for yourself the threat potential to you.
Cleaning once infected may not be so simple. Positive detection is another problem. Where is the router Anti-rootkit detector? There isn't one.
Proving an infection exists on a device for the average computer user is impossible as there are no tools for discovery.

Where is the WAN Scan?

 

Thanks for that. Good to know. That's definitely above my head.

 

How do you monitor outgoing connections?

 

That sopunds so outrageous and improbable. But if I did have a router rootkit, what would it while connected to Xerobank?

 

"GTFO"

One way to check, Live CD.
Still redirected, you router infected...snarf snarf!
Checking for DNS, you in a real mess...snarf snarf!

As far as the secure vpn stuff, I ask Steve.
So far, looks like Xerobank is better than no Xerobank.
Will have to learn more about VPN.

 

Wiping the drive will overwrite everything on it..nothing will remain. The posts above regarding router rootkits, hardware keyloggers etc will never be a threat to home users as long as all hardware is purchased from a trusted source.

 

True, but the person would need physical access to install it and to retrieve the information.

 

in that case whick wiping programs do you guys think is best...
never [that i know have a problem like that..i regulary used wipedrive and killdisk..

 

also the first step after wiping a hard drive should be ..
installing OS ..and make an image of it.....install antivirus..an run updates.

 

Well....yeah....for a keylogger to be inside a laptop, the attacker would need physical access. That goes without saying. But that was the question from rubberducky: "Could such hardware be hidden inside a laptop?" Physical access is usually not too difficult. Especially if you're spying on a wife, boyfriend, neighbor, etc. Protect your computer!! Physical access and it can be game over.