Investigations by Trend Mirco have uncovered that the now-infamous spyware distributed by Italian surveillance outfit Hacking Team can survive the scrubbing or removal of a hard drive. Trend Mirco has revealed that the Remote Control System, Hacking Team’s backdoor malware, writes itself to the target computer’s BIOS.
The virulent malware was developed to hide itself within Insyde BIOS, popular amongst laptop vendors, via a Unified Extensible Firmware Interface (UEFI) BIOS rootkit, though AMI BIOS is also thought to vulnerable. This way, the program can survive a hard drive purge or swap, since it exists on the computer’s non-volatile BIOS ROM chip.
As Trend Micro explains it:
“Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots.
The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted.”
If the agent is missing, the malware will reinstall the scout executable. Anyone with a password-protected BIOS, however, will be protected against such an attack.
Thank you ZDNet for providing us with this information.
Electronic Arts (EA) announced today that its games were played for over 11 billion hours…
Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…
GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…
Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…
Ubisoft is not having the best of times, but despite recent flops, the company still…
If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…