
Interesting Malware Discussion


PCGEEK443

Hi, I was recently reading a discussion in the Bleeping Computer forum and came to know about the existence of firmware/hardware-level rootkits in modern devices as well. I want to know the Malwarebytes community's opinion on this topic. Please note, if I have posted in the wrong section of the community, move my post to the correct section, as I was a bit unsure where to post. Have you never faced any such deep infection while assisting in removing malware from users' computers?

 

Link to bleeping computers post

 

Interesting Malware and Cybersecurity Reads - Anti-Virus, Anti-Malware, and Privacy Software (bleepingcomputer.com)


  • Root Admin

Hello @PCGEEK443

I am of the same opinion as Gary R on the Bleepingcomputer post you linked.

Gary's post:  https://www.bleepingcomputer.com/forums/t/759231/interesting-malware-and-cybersecurity-reads/page-5#entry5263165

Quote

Fortunately, it requires a great deal of knowledge, and resources to mount this type of attack, so for the time being at least, I expect they're likely to remain targeted at high value targets, and not at the general public.

 

  • Like 2

@AdvancedSetup

On 10/28/2021 at 2:43 PM, AdvancedSetup said:

I am of the same opinion as Gary R on the Bleepingcomputer post

Although I agree with Gary's opinion, the point stated by @CygnusX in post 67 of the Bleepingcomputer post is still valid:

https://www.bleepingcomputer.com/forums/t/759231/interesting-malware-and-cybersecurity-reads/?p=5263495

 

Quote

But even known vulnerabilities can become dangerous if they are not properly communicated by the vendors, because the average user rarely visits sites like cvedetails or exploit-db. Users would have to be informed quickly when a vulnerability in the firmware is found, and also about how exactly it can be patched. A "readme.txt" like we have today is not sufficient for this in my opinion.

 

Also, I want to ask whether you have ever faced any malware that survives a clean install and is likely a hardware-level infection. As for me, I haven't seen any. But I would love to know your experience with it, as you are much more qualified to answer this question.


  • Root Admin

I've been doing Enterprise level computer support for 30 years and support here as a second job for almost 13 years. In that time I have not encountered a single confirmed case of a UEFI infection.

If you enable Secure Boot it will prevent either of these attacks from happening in the first place. The majority of computers sold today, and for quite a while now, come with Windows 10 and Secure Boot enabled.

There needs to be a path to get full access to your system and in the one case it would almost need physical access.

There are probably well over a billion computers online today and details of such attacks are often from lab work. Microsoft has known of these attacks for a long time now, and Windows Defender and other protections from Windows 10 block exploits like this.

Again, it's possible but unless you're some type of military, government, or other high value target it is extremely unlikely someone is going to spend an unknown amount of time trying to infect your computer with a sophisticated attack and have no return on investment.

 


  • 2 weeks later...

@AdvancedSetup

Sorry for the late reply, but UEFI malware can also be deployed to a normal person easily without much hassle. Most people never flash the UEFI (flashing firmware also involves a lot of risk), and many vendors don't release updates for many vulnerabilities either. In that scenario these users may become easy targets for black hats. However, it is just an assumption.


  • Root Admin

Let's just say we'll agree to disagree for now about who is targeted. When I'm here working on dozens or hundreds of users infected by such attacks or we're seeing in the news that it's happening I'll agree with you. Until then I don't see any signs of normal users being targeted at this point.

 
