Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems

The dissection of the data from the Hacking Team leak has yielded another critical discovery: Hacking Team uses a UEFI BIOS rootkit to keep their Remote Control System (RCS) agent installed in their targets’ systems. This means that even if the user formats the hard disk, reinstalls the OS, and even buys a new hard disk, the agents are implanted after Microsoft Windows is up and running.

Further reading here:
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/

Cheers, REBOL.

How does it handle BIOS reflashing? (Don’t have time to read atm)

Edit: It appears to only work if the attacker has physical access, I mean, that’s not good but at least better than remote installation capability! And it does seem flashing the BIOS will take care of it.

Sanya, by “flashing the BIOS” do you mean as this article describes? http://www.ehow.com/how_5011164_flash-bios.html

Yes, although not sure about the way they describe how to do it, but I guess that may depend on the vendor.