Investigations by Trend Mirco have uncovered that the now-infamous spyware distributed by Italian surveillance outfit Hacking Team can survive the scrubbing or removal of a hard drive. Trend Mirco has revealed that the Remote Control System, Hacking Team’s backdoor malware, writes itself to the target computer’s BIOS.
The virulent malware was developed to hide itself within Insyde BIOS, popular amongst laptop vendors, via a Unified Extensible Firmware Interface (UEFI) BIOS rootkit, though AMI BIOS is also thought to vulnerable. This way, the program can survive a hard drive purge or swap, since it exists on the computer’s non-volatile BIOS ROM chip.
As Trend Micro explains it:
“Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots.
The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted.”
If the agent is missing, the malware will reinstall the scout executable. Anyone with a password-protected BIOS, however, will be protected against such an attack.
Thank you ZDNet for providing us with this information.
The free-to-play MMO Albion Online is one of the best games to come out of…
Set the curve with the CORSAIR XENEON FLEX 45WQHD240 OLED Bendable UltraWide Gaming Display, built…
Say hello to the future of graphics, with the MSI GeForce RTX 4090 GAMING X…
This Scan Gamer RTX features the 8GB NVIDIA GeForce RTX 3050 graphics card featuring new…
The MAG series fights alongside gamers in pursuit of honor. With added military-inspired elements in…
Wireless gaming headset designed for performance and comfort. Outfitted with all the surround sound, voice…