| 1. |
Solve : Newfangled rootkits survive hard disk wiping? |
|
Answer» http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/

Researchers have demonstrated how to create rootkits that survive hard-disk reformatting by injecting malware into the low-level system instructions of a target computer.

The researchers, from Core Security Technologies, used the techniques to inject rootkits into two computers, one running the OpenBSD operating system and the other Windows. Because the infection lives in the computer's BIOS, or basic input/output system, it persists even after the operating system is reinstalled or a computer's hard drive is replaced.

While researchers have focused on BIOS-based rootkits for at least three years, earlier techniques generally attacked specific types of BIOSes, such as those that used ACPI, or Advanced Configuration and Power Interface. The techniques demonstrated by the Core researchers work on virtually all types of systems, they said.

Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access. But the research, presented at last week's CanSecWest security conference by Anibal L. Sacco and Alfredo A. Ortega, does demonstrate that infections will only become harder to spot and remove over time.

So you need to flash your BIOS just to get rid of it?

It looks like...

With a person needing physical access to the computer I'm not too concerned.

Also, don't PCs nowadays require a jumper in a certain place to allow the flash functionality?

Quote from: BC_Programmer on March 26, 2009, 12:56:33 PM
also don't PC's nowadays require a jumper in a certain place to allow the flash functionality?

Not sure what the stats on what do and don't but I'd actually imagine that most would not require a jumper to be moved to flash a BIOS since many users have a hard enough time simply flashing the BIOS let alone opening the computer and moving a jumper. I'd imagine there are more motherboards that have a jumper that is used to recover the BIOS if it is flashed improperly or to recover the default values.

Must have been the early flash ROMs that required a jumper, ironically enough for the very same reason that it would be of benefit here: viruses. Not sure if it's implemented this way, but an ideal solution would be a ROM-based BIOS, which cannot be changed, and is enough to allow you to boot Windows. A jumper would allow switching from this ROM BIOS to the Flash BIOS and back. Of course the Flash would initially be the same as the ROM, but would be upgradable. This way, at the very least, it would be far easier to bring the PC back to life; rather than order a new Flash chip with a BIOS on it, the user or a tech could change the jumper and boot, then flash the BIOS with a newer version again.

I believe ASUS has already implemented with their Quick Boot Linux MBoards... It drops you into a Linux shell which can do most day to day quick tasks and then there is the option for a full system boot... |
|