Malware That Can Survive OS Reinstalls

jimbo45 said:

Solution to the Schrödinger's cat paradox.

Hahah!

this whole screaming 'fire' in an EPROM is a Schrödinger's in the butt.

I've been switching to BIOS version 1.56 and 1.57 a few times in the pass 4 months. I guess that kills the malware, but I'm not a diplomat. This is my understanding and it is good to know.

My home insurance package covers a meteorite, not a malware.

jimbo45 said:

Hi folks

There's probably more chance of a piece of meteor hitting your computer than getting it infected by this type of attack.

I couldn't agree more! There is a BIG difference between "possibility" and "probability". It an absolute certainty that it is "possible" for the meteor to smite your computer from existence. And it is an equally absolute certainty that the "probability" of being smitten is very close to nil...oh well so much for smit, smite, and smote...

swarfega said:

You can get hardware viruses though.

Hi there
Yes I suppose Iron / metal can go rusty, get attacked by microbes etc etc. but unless using computers a lot outdoors in places like Volcano research stations on the sides of active volcanoes, glacier movement studies etc and not keeping them covered up it's not likely.

Hardware is just that - so it's 100% impossible --- firmware / software is another matter. For example it *might* be possible to effect the Disk controller chip (which can in cases be replaced - specialized job though) but as for the pure mechanical HDD itself !!!! no way.

Cheers
jimbo

If the Chinese were capable to accomplish such exploit, that would be very, very scary and even worse than LOLBins' (Living-Off-The land Binaries) exploit. They have to do with evasive scripts. I am more inclined to accept @jimbo45's interpretation of the whole matter.

For reference about "LOLBins":

Living off the Land Binaries (“LoLBins”) are default applications already present on a Windows system, which can be misused by cybercriminals to carry out common steps of an attack without having to download additional tools onto the target system. For example, criminals can use LoLBins to create post-reboot persistency, access networked devices, bypass user access controls, and even extract passwords and other sensitive information.

There are dozens of LoLBins native to the Windows OS that criminals can use, e.g., powershell.exe, certutil.exe, regsvr32.exe, and many more. This is one of the ways cyber criminals disguise their activities, because default OS applications are unlikely to be flagged or blocked by an antimalware solution. Unless you have strong visibility into the exact commands that these processes are executing, it can be very hard to detect malicious behavior originating from LoLBins.

How to protect yourself from the hidden threat of evasive scripts - Help Net Security

A bit of joke is fine, and a bit of disagreements is fine too, but taking direction towards "joke only" is not wise either.

Jimbo and few others said it all, and to add to this, hardware malware if developed by somebody, that somebody will surely not target you and me!

They would target firms, governments and who know what kind of agencies, why would they target you and me? to steal our steam accounts or credit cards? that's not worth it!, if their malware get's discovered it might no longer work.

The more computers with this type of malware higher the chance of being discovered.

The only reason why you or me should be worried if we are doing some really important thing, something secret, or if we are really rich or if somebody is targeting us for what ever valid reason (doesn't have to be profitable), let your imagination name the rest of cases.

I am not doing this as advertisement, but there is a device called the ch341a programmer, it has a connector like a big paperclip which can be attached directly to the BIOS/UEFI chip (first remove everything from the motherboard, including the processor and battery). It spares many troubles and moments of anguish. It works best if you have backed up your BIOS. Otherwise flashing the new BIOS gets you weird MAC addresses. Works best from Linux, no need to mess with all sorts of settings, such as guessing the ROM (or rather EEPROM) chip.

almodovaris said:

I am not doing this as advertisement, but there is a device called the ch341a programmer, it has a connector like a big paperclip which can be attached directly to the BIOS/UEFI chip (first remove everything from the motherboard, including the processor and battery). It spares many troubles and moments of anguish. It works best if you have backed up your BIOS. Otherwise flashing the new BIOS gets you weird MAC addresses. Works best from Linux, no need to mess with all sorts of settings, such as guessing the ROM (or rather EEPROM) chip.

Hi there
Overkill - and most people would damage the machine trying to do it anyway -- if you are that bothered just buy another laptop and never connect it to the Internet. !!! If you think Chinese hackers will waste time and money getting approx 73 USD from someone's bank account - then you probably go about your whole day worrying about things that aren't likely to happen - like losing your grocery in a supermarket or getting electrocuted the next time you turn on a light switch !!!

Time to forget this whole thing

Just ensure Windows defender is enabled, security updates applied and avoid getting scammed (much more likely to get scammed and that's currently not defendable against via Software) . WD is as good as any other A/V system out there currently for HOME computers --it's actually based on the Enterprise strength of the security system used in Ms's Cloud AZURE service which is probably the best in the industry currently.

Cheers
jimbo