A hell of a rootkit

Check this out: http://www.fudzilla.com/index.php?option=com_content&task=view&id=12693&Itemid=1

Looks as if even CIS won’t protect us against it.

I kind of skimmed through the article, but think about it. If it wants to embed itself in the high privileged SMM, it must install itself, which D+ would alert of if it tried to run.

It *installs* and hides in the SMM space, which is off limits to any OS, thus making it impervious to security measures.

I think the article’s main point about how this is very dangerous is because of the fact that once it successfully accesses and gets itself embedded where it needs to be, it’s virtually impossible to eliminate.

Just a thought…
Would like to hear Melih’s view on this. “The attack of malware via hardware” :wink:

Those ■■■■ rootkits… :slight_smile:

Still, I think the prevention layer would catch this when they are trying to install themselves, but who knows… Those already infected will probably be left helpless though…

Bad of Intel not fixing the issue though, if it’s true they knew this since 2005…


Ouch! That’ll hurt Intel sales, once the word spreads.

Good bye Intel… Hellooo AMD


Yes Fazio, I think you’re right. But no-one can be 100% sure that this loophole hasn’t been exploited thus far and that people’s computers aren’t infected with this kind of rootkit. However, the thing which is most frustrating is that it is not possible to check whether this baddy is installed or not, not to mention removing it.

Shame on you Intel for not fixing it >:(

I doubt it will hurt their sales significantly. Remember, the majority of people still don’t care about their PC security. And I doubt any PC salesperson is going to even think about mentioning it to oblivious customers. :wink:

Tru dat .FaZio

It’ll only be the techies, that care enough to know. (:NRD)

I had a quick look at the paper on this. The technique required direct writing to memory which defence+ will block. I notice all safe applications can write to physical memory so I hope a safe application cannot be tricked into doing it.

As this is researched by Joanna you better believe it :wink:

How about someone plants this baby in your system with a bootdisk/device? Then it’s bye bye detection!
So think of physical protection also, where do I leave my laptop floating around etc…

So a disk backup image will do nothing if you are infected?