Thursday 19 February 2015

Espionage Firmware in Hard Disks Barely Detectable


The malicious firmware that a group of cyber spies plants on computers in order to keep spying on them permanently is hard to detect and extremely difficult to remove. "It is extremely difficult to detect. From the software level, it is impossible," said Vitaly Kamluk, researcher at Kaspersky Lab.

The Russian anti-virus company revealed this week the existence of a spy group that has developed all kinds of highly advanced malware. One component in particular stood out, namely the ability to infect the firmware of hard disks from various popular brands. As a result the malware stays hidden and active even when the hard disk is formatted or the operating system is reinstalled. The code also lets the attackers create an invisible storage area on the hard disk.

"This is unique and the first time we have seen this level of complexity from a sophisticated attacker," said the security researcher. The module would, however, have been used only rarely. "Only a very select list of victims has received this. This is one of the most special modules I've seen because it is so valuable. They do not want it to be known," Kamluk said this week during a conference, as Threatpost reports.

"It is a valuable plug-in that is used only in specific cases, for very important people." To detect the malicious firmware, the PC has to be disassembled and a dump of the firmware made. "And we think that only a few people in the world are able to analyze the malicious code inside the firmware, compare it and discover it," says Kamluk.
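The "compare and discover" step above boils down to diffing a firmware dump against a known-good reference image. The following is an added example, not code from the article or from Kaspersky, that does that comparison: it reports every contiguous byte range where the dump deviates from the reference, and treats a size mismatch (for example bytes appended after the vendor image) as a finding rather than silently truncating. The images REFERENCE and SUSPECT are constructed inline for illustration; in practice the reference would be the vendor's own image for the exact drive model and firmware revision, and the dump would come from the drive under analysis.

```python
"""Compare a dumped hard-disk firmware image against a reference image.

Added example (not from the original article). Assumes the analyst has already
obtained two raw images: a trusted vendor reference and a dump from the drive.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image, handy for logging and for matching vendor hashes."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(reference: bytes, dump: bytes):
    """Return (offset, length) pairs for every contiguous range where the two
    images differ. Positions that exist in only one image (size mismatch) are
    counted as differences, so appended or missing bytes are never overlooked."""
    regions = []
    total = max(len(reference), len(dump))
    start = None  # offset where the current differing run began, or None
    for i in range(total):
        a = reference[i] if i < len(reference) else None
        b = dump[i] if i < len(dump) else None
        if a != b:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i - start))
            start = None
    if start is not None:  # run extends to the end of the longer image
        regions.append((start, total - start))
    return regions


def check_dump(reference: bytes, dump: bytes) -> dict:
    """Summarise the comparison; 'clean' is True only for a byte-identical dump."""
    regions = diff_regions(reference, dump)
    return {
        "reference_sha256": sha256_hex(reference),
        "dump_sha256": sha256_hex(dump),
        "size_matches": len(reference) == len(dump),
        "regions": regions,
        "clean": not regions,
    }


# Constructed sample data (not real firmware): a 1 KiB reference image,
# a dump that has 8 bytes patched at 0x100 and 64 bytes appended at the end,
# and a byte-identical copy of the reference.
REFERENCE = bytes(range(256)) * 4
_suspect = bytearray(REFERENCE)
_suspect[0x100:0x108] = b"\xEB\xFE" * 4
_suspect += b"\x00" * 64
SUSPECT = bytes(_suspect)
CLEAN = bytes(REFERENCE)


if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        result = check_dump(REFERENCE, image)
        print(f"{label}: sha256={result['dump_sha256'][:16]}... "
              f"size_matches={result['size_matches']} clean={result['clean']}")
        for offset, length in result["regions"]:
            print(f"  differs at 0x{offset:06X}, {length} bytes")
```

Two caveats follow directly from the article. First, Kamluk's remark that detection "from the software level" is impossible means a dump requested through the drive's own firmware can be answered by the very code under suspicion; the dump has to come from the flash itself, which is why the PC has to be taken apart. Second, the comparison is only as good as the reference: since the attackers are thought to have had the vendors' own documentation, a reference image has to come from a trusted channel rather than from another drive of the same model that may already be infected.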

According to the researcher it takes years to write such firmware. The espionage group would not have used a vulnerability, but simply piggybacked on the way manufacturers roll out firmware updates. "They left the door open and it possibly stood open for a long time. The trick is that you have to have the full description, the full reference of the current firmware and how it works."

Kamluk speculates that the attackers may have had access to the internal manuals and documentation of the respective vendors. Those manuals may have been stolen by an insider or through another malware attack. "They do not abuse a bug in the code. It is a design flaw." Because of the proprietary communication protocols and algorithms, it took the researchers months before they learned exactly how the malware worked. An actually infected firmware is something the researchers have not been able to find.
