1cooldude
March 25th, 2009, 09:57 AM
Nothing really new, just a twist on 20 year old exploits. IMO, the person does not need access to the PC to inflict the code.
Quote:
Researchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.
The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.
While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.
Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time.
Also:
A WORM is targeting embedded Linux devices which are used in DSL modems and routers. Mipsel based OpenWrt/ DD-WRT gear with SSH, Telnet, or Web-based interfaces available to the WAN have all been hit.
Psyb0t has been around for a while but lately it has changed its tactics and is hitting Linux hardware.
Netcomm's MB5 ASDL modem has been hit but also modem brands in Italy, Brazil, Ecuador, Russia, Ukraine, Turkey, Peru, Malaysia, Columbia, India, and Egypt were suspect as well.
ACcording to the DroneBL blog: "Ninety per cent of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots."
DroneBL has noticed that the botnet that the worm has created is 100,000 strong
Source... (http://eclectech.co.uk/news.php)
Quote:
Researchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.
The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.
While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.
Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time.
Also:
A WORM is targeting embedded Linux devices which are used in DSL modems and routers. Mipsel based OpenWrt/ DD-WRT gear with SSH, Telnet, or Web-based interfaces available to the WAN have all been hit.
Psyb0t has been around for a while but lately it has changed its tactics and is hitting Linux hardware.
Netcomm's MB5 ASDL modem has been hit but also modem brands in Italy, Brazil, Ecuador, Russia, Ukraine, Turkey, Peru, Malaysia, Columbia, India, and Egypt were suspect as well.
ACcording to the DroneBL blog: "Ninety per cent of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots."
DroneBL has noticed that the botnet that the worm has created is 100,000 strong
Source... (http://eclectech.co.uk/news.php)