New
#50
Hey Rootandboot,
From what I gather of your post, this has been around for some time? and is even worse than described? I wonder if you could help us out by breaking down the issues, one by one, describing how each can be identified, your method of recovery for each, etc. I know it would help me (and others) to understand what you're going through. I mean, at this point, it sounds like you throw everything out and start over...
I made an account just give everyone a little heads up... I actually laughed out loud when i seen this article published... Because i have been battling... No, getting roflstomped for almost 6 months trying regain the nearly nrand new high end hardware that initially got hit with one of these uefi rootkit/bootkits.. Which i have come to suspect is a code implant in the spi memory that sits at the helm of a very complex and highly customizable malware framework... Think of a highly advanced veriation of the metasploit framework... With a root/boot kit implant on the target machine(s) providing a somewhat autonomous monitoring, control and configuration platform that with capabilitiy to manage and number of targets... Or victims rather, becuse le5s face it... This sort of attack vector in any but the must serious legal scenarios... Is nothing short of domestix terrorism... This aeticle about lojax makes it sound to me like the peace loving flowerchild sibling of this n8gh5mareware that has been wrecking my life for the past 6 months. Sure it flashes that poisoned code to 5he spi memory... But trust me that is just like the sweet and tender first kiss... Before the the malicious grudge f****ing starts... It does a lot of different things... Like flash out the rom on your Gpu then set up a virtual raid in the video memory, report bad bad hard disk clusters to the os effectively creating private unscanned hd space at will... It creates a virtual scsi bus and flashes the firmware on devices like cd/dvd roms and hard drives then uses supposedly generic MS dr8vers to route all your devices onto that bus.. Where it has complete control to inject malwarw3 in realtime should you try and boot up liv3 cds or whatever... It will poison any images you try t9 dl or burn, i have seen crazy crazy things while studying this ... Thing, and dont think for a second that it is not still under heavy developement aand being .. And i quote "field tested" directly from comments in multiple configuration files and logs... Its often referred to as thier "EXPERIMENT" ... It mqy very well be the group that is being credited, it could also very well not be.. There is no way to certain of anything at this point to be honest. The only thing for certain is that whatever this "project" is.... Its WELL funded and adequately staffed... Around the clock with frightenigly skilled mechanics. It usez bluetooth primarily for network connection... Right under your nose at first... And if 8t connects to your router... Ever device. Connected to it will get its firmware flashed and become an attack vector and asset. I have documented tons of files, config s ripts, instructional comments... Logs... And even a folder with 300+ poisoned firmware images at one point, for a wide variety of devices... Complete with instructions and pointers on the best methods to co.primise these devices for remote firmware flashing... At one point my rig was bei g configurwd via a repurposed version of puppet enterprise it automation software... Then a day or so later its mode of attack and comtrol was something else... So yeah, this is some next level shit.. And its unnerving when you realize you computer has been virtualized on your own hardware and someone else is in tje hypervisor seat... That you audio devices are recording.. and listwning for key words ... All. By persons unknown and without explanation. Anyways stay alert, look into hardware methods of trust certificate storage, and invest in a device that you can manually reflash things like the spi memory with. Lol. I have like 4 or 5 machines with full blown nightmareware infections... I am tr6ing to decide what to do at this point.
Sorry for the crazy sounding rant... But some bank in the balkins is NOT the first victim of this sort of thing.. I cqn say that with 100% certainty.
Sorry for shitty c9mposition h3re but this is quick rant via a phone... Hope it helps someone in someway, at some point.
Quote