Investigations by Trend Mirco have uncovered that the now-infamous spyware distributed by Italian surveillance outfit Hacking Team can survive the scrubbing or removal of a hard drive. Trend Mirco has revealed that the Remote Control System, Hacking Team’s backdoor malware, writes itself to the target computer’s BIOS.
The virulent malware was developed to hide itself within Insyde BIOS, popular amongst laptop vendors, via a Unified Extensible Firmware Interface (UEFI) BIOS rootkit, though AMI BIOS is also thought to vulnerable. This way, the program can survive a hard drive purge or swap, since it exists on the computer’s non-volatile BIOS ROM chip.
As Trend Micro explains it:
“Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots.
The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted.”
If the agent is missing, the malware will reinstall the scout executable. Anyone with a password-protected BIOS, however, will be protected against such an attack.
Thank you ZDNet for providing us with this information.
According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…
A new AMD processor in the form of an engineering model has been leaked in…
SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…
SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…
Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…
Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…