A forum for reverse engineering, OS internals and malware analysis
Mr.Bojangles wrote:UEFI 'secure boot' could lock out Linux from Windows 8 PCsrkhunter wrote:UEFI & Win 8 vs Bios-malware:Too bad it's just HWID encrypted SHA1 tables..
When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.
http://blogs.msdn.com/b/b8/archive/2011 ... lware.aspx
Big corporations and their strait out of the textbook employees think RCE is something only licensed employees can do..good for pirates and botnet capitalists I guess..
rkhunter wrote:And the reply from Steven Sinofsky:Mr.Bojangles wrote:UEFI 'secure boot' could lock out Linux from Windows 8 PCsrkhunter wrote:UEFI & Win 8 vs Bios-malware:Too bad it's just HWID encrypted SHA1 tables..
When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.
http://blogs.msdn.com/b/b8/archive/2011 ... lware.aspx
Big corporations and their strait out of the textbook employees think RCE is something only licensed employees can do..good for pirates and botnet capitalists I guess..
Microsoft’s demand that ’secure boot’ is enabled on Windows 8 PCs means that you might not be able to install Linux.
http://www.zdnet.com/blog/hardware/yes- ... -pcs/14897
Mr.Bojangles wrote:There is already a know method for non-TPM systems that is basically deflate->keygen->decrypt->change->compress->write-range->write. Since TPM isn't secure the cert method which is only different by the crypto used, is most likely fail too. Like most tech that is mostly the result of greed for market shares, it's not high frequency enough for real malware authors to care about..Please tell us your way or provide a solution how to make bootkits work impossible.
EP_X0FF wrote:If the computer runs an idiot - there is nothing can help.
C:\my.sysregards,
md5 : 353c3e4b55cb94a6e6a54dc423bddc6d
C:\WINDOWS\system32\dllcache\beep.sys
md5 : cdde77a83ea545c14b22c32ca9655bdd
supermino wrote:I have found in other forum this new Rootkit. He infected the Bios!!!
[url]http://www..com/file-scan/report.html?id=3b7e16e99823748f28abbb31d1ef4bc76e29371fcb6e42a527ebf584bf0a20e1-1323951651[/url]
