Where malware could hide - not just hard drives and RAM?

Discussion in 'malware problems & news' started by Tipsy, Jun 18, 2014.

Thread Status:
Not open for further replies.
  1. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    The big malware scanner companies for average consumers make seems like just run simple scanner for your drives and you are protected. But if what this commenter says is true, the problem maybe could be much worse for some special users:
    from comments for Schneier blog article
    https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

    There is no such scanner from Norton or Avast etc for those kind hiding places.
     
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    The thing with the idea of firmware or BIOS level infections is that it'd be a large amount of work to successfully do. I mean, anyone who's ever flashed a mainboard, or router or graphic card can tell you a lot of things can go wrong in just flashing it (there's always a chance you'll brick the device) But then also being able to add the malicious bit to the actual firmware/BIOS (which has a limited amount of space as is sometimes) AND have the machine stable afterwards... It's not impossible, but you'd have to be targeted in advance for someone to successfully pull that off I'd think. Or it'd have to rely on a VERY COMMON model of hardware that a lot of people use (modem, router, mainboard etc)

    To check for that kind of infection I'd imagine you'd have to track down all the firmware/BIOS for your hardware and then try to dump/backup your current firmware and compare them. (and that'd be a task). And because such a thing would be not as widespread as your average malware I highly doubt AVs could pick it up even if they tried (cause they too would have to have an archive of official firmware/BIOS for a ton of devices to compare).
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
  5. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    And now we have this

    "USB devices such as keyboards, thumb-drives and mice can be used to hack into personal computers in a potential new class of attacks that evade all known security protections, a top computer researcher has revealed.

    Karsten Nohl, chief scientist with Berlin's SR Labs, noted that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.
    . . .
    Computers do not detect the infections when tainted devices are inserted because anti-virus programs are only designed to scan for software written onto memory and do not scan the "firmware" that controls the functioning of those devices, he said."


    http://www.brisbanetimes.com.au/it-...-attacks-researcher-warns-20140731-zz8cx.html
     
  6. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    from same article above

    "In his tests, Nohl said he was able to gain remote access to a computer by having the USB instruct the computer to download a malicious program with instructions that the PC believed were coming from a keyboard. He was also able to change what are known as DNS network settings on a computer, essentially instructing the machine to route internet traffic through malicious servers.

    Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact."
     
Loading...
Thread Status:
Not open for further replies.