Rootkit hits Windows Unified Extensible Firmware Interface
Posted by Stefan Mileschin, 3rd January 2019, 08:42

Found by Sednit hunters

Insecurity experts hunting cyber-spy outfit Sednit have discovered the first instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks.

According to Threatpost, Frédéric Vachon, a malware researcher at ESET, published a technical write-up on his findings and said that finding a rootkit targeting a system’s UEFI was significant.

It means that rootkit malware programs can survive on the motherboard’s flash memory, giving them persistence and stealth.

“UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level”, he said.

Nicknamed LoJax, the rootkit is a modified version of Absolute Software’s LoJack recovery software for laptops. The legitimate LoJack software was supposed to help victims of a stolen laptop be able to access their PC without tipping off the bad guys who stole it. It hides on a system’s UEFI and stealthily beacons its whereabouts back to the owner for possible physical recovery of the laptop.

Absolute Software’s code dates to a vulnerable 2009 version, which had several key bugs that allowed Sednit to customise a single byte that contains the domain information the legitimate software connects to in order to download the recovery software.

The infection chain is typical: an attack begins with a phishing email or equivalent, successfully tricking a victim into downloading and executing a small rpcnetp.exe dropper agent. The rpcnetp.exe installs and reaches out to the system’s Internet Explorer browser, which is used to communicate with the configured domains.

https://fudzilla.com/news/47857-root...ware-interface