ESET discovers first LoJax UEFI rootkit malware by Sednit group


  1. xTL
    Posts : 396
    Windows 10 Pro 64-Bit
       #40

    Penny K said:
    Seriously?!
    Attachment 207788

    Apple, Ubuntu or any other Linux system runs as a user at startup; you need root (or Administrator, as in Windows) permission to make changes to the OS.
    Windows runs as an Administrator at startup, giving full access and control of the operating system. . . . .

    "W10, users with administrator privileges have complete control over the OS and their apps have unrestricted access to the computer. Running as administrator, an exploit can more easily gain control of your system. It can install rootkits, keyloggers, and other suspect services without you knowing. A malicious program can also modify and delete files, and even prevent devices from booting.

    However, using a user account with fewer privileges can block most attacks."

    why should you run a Windows computer from the user account - Google Search

    Relax Penny, it was just a question.
    Because you stated something yet again that was very unclear.
    Hence the question mark I gave after my reply.

    Also I definitely don't agree with you that a user account is safer to use rather than an admin account in Windows.
    If your system does get infected by malicious code, it won't matter if you use an admin or user account.
    The only thing that matters is to clean it out and get the system secure and stable again!


    You mention Apple and Linux; well, Apple isn't an operating system, it's a company.
    However, Apple makes operating systems for both their mobile devices and computers.
    macOS's newest release is macOS Mojave. That is an operating system, and it's based on Unix.


    Penny K said:
    However, using a user account with fewer privileges can block most attacks."
    This has to be one of the most ridiculous statements I've ever read!

    And I'm guessing you went to google.com and searched for
    "why should you run a Windows computer from the user account".
    You then looked through the links, picked link 3 that goes here,
    copied what was written there and pasted it here.
    Then added some of your own words, to make it seem that you actually know what you're talking about, when in fact you don't.

    The article you most likely copied the text from goes on to talk about
    how a nontechnical user is recommended to use a standard account,
    but by that definition, if a "nontechnical user" gets malware or rootkits, keyloggers, etc.
    (as given in your example), where do you think they go to get help?

    Obviously to someone with a bit more knowledge than themselves.
    You think that person with a bit more knowledge would be on a user account instead of an admin account?
    Last edited by xTL; 11 Oct 2018 at 08:31.


  2. Posts : 94
    Win 10 17134.228
       #41

    winactive said:
    PatchMyPC looks OK but it's arguing with me about things that are up to date saying they're not and it's missed a lot completely. I agree it's better than Filehippo App Manager. Too many options and too busy for me.

    I used to use Secunia PSI that was the best but alas now no longer.

    bullSPIT. There is something wrong with your system or you're using it wrong. None of these programs are going to have EVERYTHING in them. Yes, PSI was the best, and it took me a good while to find Patch My PC. Too many options my ASP. The only options that should concern you are setting up where you want the portable apps actually saved to (if you want any of the portable apps), and deciding if you want it to just download and let you install or if you just want it to silently install for you. Personally I find it does save lots of time and is worth the little bit of time it takes to change a few settings.
    Last edited by IAmNoOne; 12 Oct 2018 at 07:07.


  3. Posts : 16,325
    W10Prox64
       #42

    xTL said:
    Relax Penny, it was just a question.
    Because you stated something yet again that was very unclear.
    Hence the Question mark i gave after my reply.

    Also i definitely don't agree with you that a user account is safer to use rather than a admin account in windows.
    If your system does get infected by malicious code, it won't matter if you use a admin or user acc.
    Only thing that matters is to clean it out & get the system secure and stable again!
    Actually, it's a known fact, and has been since UAC, that many malware infections are stopped and/or severely hindered from wreaking their intended havoc on a system, if they are unleashed on a Standard User Account. So, it is safer to run daily using a Standard User account, and have an Admin account available for when it's needed.


  4. Posts : 31,651
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #43

    simrick said:
    Actually, it's a known fact, and has been since UAC, that many malware infections are stopped and/or severely hindered from wreaking their intended havoc on a system, if they are unleashed on a Standard User Account...
    It seems to be an overlooked fact that in Windows 10 even an administrator account runs processes and apps at standard user privileges by default. That's why UAC keeps popping up, even when signed in as an administrator.

    The advice that it's sensible not to use an administrator account for daily use dates back to XP, when anything an administrator ran was at full privileges.
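The split-token behaviour described in the post above (an administrator's everyday processes running on a UAC-filtered, medium-integrity token) can be checked directly. The following PowerShell is an added example, not code from the thread or from any poster. It assumes a stock Windows 10 install, where the UAC policy values live under the usual `HKLM:\...\Policies\System` key and `whoami.exe` is present; the `UacWriteProbe` registry key it creates and deletes is a hypothetical probe name chosen for this example.

```powershell
# Added example (not part of the forum thread): inspect the token this shell is
# running under and the machine's UAC policy, then probe what that token can
# actually write to. Run it twice: from a normal PowerShell window and from one
# started with "Run as administrator", and compare the output.

function Get-TokenElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # IsInRole evaluates the *current* token. On a UAC-filtered token the
    # Administrators SID is marked "use for deny only", so this is $false even
    # though the account itself is a member of Administrators.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami exposes the group attributes, which lets us tell a genuine standard
    # user apart from an administrator whose token UAC has filtered.
    $adminRow = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.SID -eq 'S-1-5-32-544' }      # BUILTIN\Administrators

    if (-not $adminRow) {
        $kind = 'Standard user: not in Administrators at all'
    } elseif ($adminRow.Attributes -match 'deny only') {
        $kind = 'Administrator, but running on the UAC-filtered (medium integrity) token'
    } else {
        $kind = 'Administrator, running elevated (high integrity token)'
    }

    [pscustomobject]@{ User = $identity.Name; Elevated = $elevated; TokenKind = $kind }
}

function Get-UacPolicy {
    # Standard location of the UAC policy values on Windows 10 (assumed present).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        # 1 = UAC on. 0 = admins always run fully elevated, the XP situation the post describes.
        EnableLUA                  = $p.EnableLUA
        # 5 = default consent prompt. 0 = elevate silently, which defeats the point of UAC.
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        # 3 = standard users are prompted for admin credentials. 0 = elevation denied outright.
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
        # 1 = prompt shown on the secure desktop so other processes cannot spoof or click it.
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
    }
}

function Test-WriteScope {
    # Probe where this token can persist: machine-wide (HKLM) vs. per-user (HKCU).
    # A medium-integrity token, admin account or not, should fail the HKLM write
    # but succeed on HKCU. That is the grain of truth on both sides of the thread:
    # a filtered token blocks machine-wide changes, yet per-user persistence
    # (for example a Run key) still works without any prompt.
    $results = [ordered]@{}
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\UacWriteProbe"        # hypothetical probe key, removed afterwards
        try {
            New-Item -Path $path -Force -ErrorAction Stop | Out-Null
            Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
            $results[$hive] = 'writable'
        } catch {
            $results[$hive] = "denied ($($_.Exception.GetType().Name))"
        }
    }
    [pscustomobject]$results
}

Get-TokenElevationState | Format-List
Get-UacPolicy           | Format-List
Test-WriteScope         | Format-List
```

From a non-elevated window on an administrator account you should see `Elevated : False`, the "UAC-filtered" token kind, HKLM denied and HKCU writable; the same script in an elevated window reports `Elevated : True` and both hives writable. A standard user account shows the first pattern but without Administrators membership, so no elevation is possible without another account's credentials.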


  5. xTL
    Posts : 396
    Windows 10 Pro 64-Bit
       #44

    simrick said:
    Actually, it's a known fact, and has been since UAC, that many malware infections are stopped and/or severely hindered from wreaking their intended havoc on a system, if they are unleashed on a Standard User Account. So, it is safer to run daily using a Standard User account, and have an Admin account available for when it's needed.

    Most malicious code works as a chain reaction. One brings more!
    UAC does not prevent malicious code.
    A few perhaps, or at least at best... but not all, and due to that fact, once the system gets infected it does not matter if you use an admin account or a user account!
    My perspective of OS safety is based on the amount of control you have in your system.
    I'd rather work at an admin level where I can make sure that my system is under my control and not someone else's.


  6. Posts : 16,325
    W10Prox64
       #45

    My point is, that using a Standard User account can prevent malware infections from fully taking hold of a system. I have seen it many times: infections in a Standard User account had not completely infiltrated the OS for whatever they were designed to do, (like they would have done using an Admin account), and were/are much easier to clear out.


  7. xTL
    Posts : 396
    Windows 10 Pro 64-Bit
       #46

    So when I wrote "malicious code," I wasn't just referring to "malware infections" but also rootkits, keyloggers, adware etc.
    A standard user account with UAC active will not be able to prevent this!
    And because of this it won't matter if it's a user account or an admin account.
    The best thing you can do is to protect yourself from the malicious code before it infects your system.
    Malware gets smarter and smarter each time someone develops it; UAC does not!

    I've cleaned out many, many of my friends' and families' computers, some on admin accounts and some on user accounts, and because they had no protection in their system other than the standard that Windows gives, there's no way of knowing what damage was done by the malicious code that had been infecting their system for a long time.

    In the end they felt angry, worried, etc. and just wanted the infections gone and their security and privacy restored.


  8. Posts : 384
    Windows 10 Home x64
       #47

    IAmNoOne said:
    bullSPIT there is something wrong with your system or you're using it wrong. none of these programs are going to have EVERYTHING in them. yes psi was the best and it took me a good while to find patch my pc. too many options my ASP. the only options that should concern you are setting up where you want the portable apps actually saved to(if you want any of the portable apps), and deciding if you want it to just download and let you install or if you just want it to silently install for you. personally i find it does save lots time and is worth the little bit of time it takes to change a few settings.
    I don't think I am using it wrong. The tool looks like a cobbled together POS if you ask me. I won't lose sleep not using it!

    Yep, the thread is still over populated with Linux evangelists, who strangely still use Windows....


  9. Posts : 94
    Win 10 17134.228
       #48

    winactive said:
    I don't think I am using it wrong. The tool loks like a cobbled together POS if you ask me. I won't lose sleep not using it!

    Yep, the thread is still over populated with Linux evangelists, who strangely still use Windows....
    AhHaHaHaHaHaHaHaHa you aren't using it right


  10. Posts : 2
    Windows
       #49

    I made an account just to give everyone a little heads up... I actually laughed out loud when I saw this article published... Because I have been battling... No, getting roflstomped for almost 6 months trying to regain the nearly brand new high end hardware that initially got hit with one of these UEFI rootkits/bootkits... Which I have come to suspect is a code implant in the SPI memory that sits at the helm of a very complex and highly customizable malware framework... Think of a highly advanced variation of the Metasploit framework... With a root/boot kit implant on the target machine(s) providing a somewhat autonomous monitoring, control and configuration platform with the capability to manage any number of targets... Or victims rather, because let's face it... This sort of attack vector in any but the most serious legal scenarios... Is nothing short of domestic terrorism...

    This article about LoJax makes it sound to me like the peace loving flowerchild sibling of this nightmareware that has been wrecking my life for the past 6 months. Sure it flashes that poisoned code to the SPI memory... But trust me that is just like the sweet and tender first kiss... Before the malicious grudge f****ing starts... It does a lot of different things... Like flash out the ROM on your GPU then set up a virtual RAID in the video memory, report bad hard disk clusters to the OS, effectively creating private unscanned HD space at will... It creates a virtual SCSI bus and flashes the firmware on devices like CD/DVD-ROMs and hard drives, then uses supposedly generic MS drivers to route all your devices onto that bus... Where it has complete control to inject malware in real time should you try and boot up live CDs or whatever... It will poison any images you try to download or burn. I have seen crazy crazy things while studying this... thing, and don't think for a second that it is not still under heavy development and being...

    And I quote "field tested" directly from comments in multiple configuration files and logs... It's often referred to as their "EXPERIMENT"... It may very well be the group that is being credited, it could also very well not be... There is no way to be certain of anything at this point to be honest. The only thing for certain is that whatever this "project" is... It's WELL funded and adequately staffed... Around the clock with frighteningly skilled mechanics. It uses Bluetooth primarily for network connection... Right under your nose at first... And if it connects to your router... Every device connected to it will get its firmware flashed and become an attack vector and asset. I have documented tons of files, config scripts, instructional comments... Logs... And even a folder with 300+ poisoned firmware images at one point, for a wide variety of devices... Complete with instructions and pointers on the best methods to compromise these devices for remote firmware flashing... At one point my rig was being configured via a repurposed version of Puppet Enterprise IT automation software... Then a day or so later its mode of attack and control was something else... So yeah, this is some next level shit... And it's unnerving when you realize your computer has been virtualized on your own hardware and someone else is in the hypervisor seat... That your audio devices are recording... and listening for key words... All by persons unknown and without explanation. Anyway, stay alert, look into hardware methods of trust certificate storage, and invest in a device that you can manually reflash things like the SPI memory with. Lol. I have like 4 or 5 machines with full blown nightmareware infections... I am trying to decide what to do at this point.

    Sorry for the crazy sounding rant... But some bank in the Balkans is NOT the first victim of this sort of thing... I can say that with 100% certainty.

    Sorry for the shitty composition here, but this is a quick rant via a phone... Hope it helps someone in some way, at some point.


Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.