
/g/ - Technology

File: 132 KB, 640x360, badbios.jpg
No.37744244

Seems fake to me, but now more people are buying it.

What do you think /g/?


>> No.37744290

> Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.
Seems legit, mate.

>> No.37744293
File: 529 KB, 890x1200, 1382551786161.jpg

Probably something with Halloween.

>> No.37744361

Seemed completely fake at first, but the more I read about it, the likelier it gets that it's real.

It's far from impossible, as some guy said: if someone really wanted to code a BadBIOS, it would take a year max for a good sec guy and coder.

>> No.37744364
File: 77 KB, 461x307, hawking-weightless.jpg

Hawking radiation, man

>> No.37744389

but how can it work across all systems? wouldn't it need root access in most Linux systems to even touch the BIOS from them? unless it sneaks around the OS entirely

>> No.37744405

> Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
Journalism at its finest.

>> No.37744417

The whole point of attacking the BIOS is that you are even lower level than the OS. You have direct hardware access.

From what we know so far, most USB drivers don't check for buffer overflows. Any rogue USB device could exploit any BIOS or operating system this way.

And BadBIOS is confirmed for being able to flash USB keys' drivers.

>> No.37744429

so one way to defeat this would be to change the way a USB driver is coded?

>> No.37744443

"confirmed"? confirmed for fucking what? it's something one jackass is dealing with, in a half-assed way. fighting it for three years and he hasn't dumped the bios to examine it on another machine? what a crock of shit.

anybody that spreads this is a fucking fool.

>> No.37744448

Well, in the October patches for Windows, there was a section covering USB driver exploits.

>> No.37744461

Yes. All usb drivers in this gay earth are vulnerable.

That's a really clever trick.

Yes, but there are literally hundreds of bugs to patch and checks to do. I doubt that everything is patched yet.

>> No.37744481

> Interestingly, this exposes a seldom-discussed downside of using an Apple computer. Their product line is extremely small, which means that hardware-specific attacks and firmware attacks like BIOS rewrites are much easier to do.
This is a stray comment, is it correct that only Apple computers are vulnerable? If so, toppest lel.

>> No.37744489

>implying you can just rewrite any controllers on flash drives

>> No.37744491

>airborne computer virus
>some people here actually question its validity

>> No.37744497

well what about requiring certain keys and access codes to even write to the bios in the first place

why is writing to the bios such an easy thing in the first place?

>> No.37744515

> is it correct that only Apple computers are vulnerable?
No, Windows and loonix too. Even xBSD apparently, which is known for being very secure.

> well what about requiring certain keys and access codes to even write to the bios in the first place
The point is that it's an exploit; it bypasses the 'keys and access codes' (and there's no such thing as access codes to flash a BIOS AFAIK).

It exploits a bug to replace the BIOS with whatever code (via buffer overflow or whatever), and then flashes itself permanently.

>> No.37744529

so then the only way to really stop this is to literally make the BIOS impossible to write to at a hardware level?

>> No.37744534

> >airborne computer virus
It is not. See >>37744405
Data transfer over ultrasound is possible; some Android phones actually do that already (Samsung or Asus IIRC).
Nobody said anything about infection over microphone, only about already infected machines establishing a physically independent network to propagate patches and payload.

>> No.37744546

skynet is up
also microphone and speakers make feedback, maybe that shit has something to do with it

>> No.37744548

It's a BIOS virus, OS does not matter, but the article implies that only Apple hardware is affected.

>> No.37744550

> so then the only way to really stop this is to literally make the BIOS impossible to write to at a hardware level?
Yes, but you don't want to do this.
Lots of people want/need to flash their BIOS.

The better way would be to simply fix the USB drivers and understand how BadBIOS works.

>> No.37744563

well, true, but then the coder finds another exploit and we start back at square one

hell, I'd even take user-swappable BIOS chips over having to worry about this

>> No.37744564
File: 48 KB, 280x314, 1348292301804.jpg

Jeez, this is fucking spooky.
Are we really going to need to start putting our workstations in anechoic chambers to prevent malware phoning home?

>> No.37744579

> It's a bios virus, OS does not matter
The OS matters a lot actually.

The thing with the BIOS is that it's only used at startup to load the OS kernel and necessary files; then the OS switches to protected mode and ditches the BIOS completely to use its own drivers instead.

What BadBIOS probably does is that when the OS is trying to load its kernel and files, it replaces some of them with a rootkit, thus infecting the OS drivers too. But this is OS-dependent; you need different code for each OS.

That's what happens regularly in computer security. People find new exploits, and other people try to patch them.

>> No.37744605

how in the fuck does it change linux drivers without root access?

>> No.37744651

This is before Linux is even loaded, there is no concept of "root" before that happens.
This is at the stage of your bootloader, instead of just mapping the kernel into memory it slips the rootkit in as well.

>> No.37744656

I somehow doubt it.

While the technology may be there, I doubt that:
1: Not all speakers can actually achieve the frequencies necessary to transmit data without humans hearing it
2: The receiving machine has to have its microphone activated and ready to receive data, as well as the algorithms to decode said transmissions

Basically the malware can only affect another computer if it was already infected first and was listening.

Because it can probably replace them before the OS even loads.

Linux then loads the fake drivers thinking they are legit.

>> No.37744657

Linux needs the BIOS to load itself at startup. It basically asks the BIOS "hey give me that file on the disk".

At this point BadBIOS has to replace the vanilla Linux drivers with its own rootkit.
No need for root. Root is just something invented by Linux. The BIOS has full access to the hardware.

Then once Linux is done loading its own drivers, it stops using the BIOS and uses its own drivers instead.

>> No.37744660

If for a moment we accept it's real, who could write something like this?

>> No.37744674
File: 242 KB, 537x600, 1292476151307.png

what the fuck am i reading.

>> No.37744677

A group of seriously motivated hardware hackers and coders, with at least a year to waste full-time working on this.

>> No.37744690
File: 1.25 MB, 1845x1923, 1378444827541.jpg


>> No.37744693

>His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

>> No.37744697

so then short of BIOS flashing there could be literally no way to actually stop this

what is the risk to consumer level hardware at this point?

>> No.37744717
File: 21 KB, 318x318, skynet.jpg


>> No.37744731

> short of BIOS flashing there could be literally no way to actually stop this
Even BIOS flashing doesn't work.
It's extremely resilient, there is no known way to get rid of it, except destroying your computer.

It's probably copying itself in every firmware it finds, including but not limited to the BIOS emergency backup, the system controller, your keyboard and mouse, your USB drives, your webcam, .....

The risk is that if there's a bug in BadBIOS, it could brick your hardware completely. Also you're part of the most powerful botnet so far.

>> No.37744736

It depends on how easy it is to get infected in the first place.
The big thing about this virus is that it's insanely difficult to get rid of, not that it's easy to catch.
You need to actually run code that exploits your particular system to write shit to the BIOS, I don't know how easy that is.

>> No.37744738
File: 48 KB, 470x600, 1302190064007.jpg

>>His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed.

>> No.37744787

>Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.

>With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on.

>> No.37744791
File: 364 KB, 1100x1002, 1378436676614.png


>> No.37744796

well what are the actual chances of this not even being a real thing anyway? I mean really, if this guy found it three years ago, wouldn't it have spread like wildfire by now and be in literally everything? wouldn't this be as famous and big as Stuxnet? why is it just being talked about now instead of 3 years ago?

>> No.37744812

They might just be doing IPv6 over ultrasound, so that's not too crazy.
I mean why write the whole protocol from scratch?

>> No.37744815

and you are retarded

processor has nothing to do with this

>> No.37744833
File: 79 KB, 501x585, 1379360624656.jpg

dont lie to me shill

>> No.37744842

That's the weird part. He's the only guy who reported on this in 3 years.

That's very strange, he's not exactly the most talented faggot even if he's good.

Imho either the thing 3 years ago had nothing to do with this, or they are targeting only a select number of people and the infection would remain inactive anywhere else (no weird packets, no disabling other OSs, no actively infecting every media)

>> No.37744856
File: 43 KB, 812x549, speccy.png

i have an AMD CPU for fuck's sake

>> No.37744865

>He found it installed in some laptops with Windows systems installed, but it proved to be somehow platform independent as it can infect a BSD system and OSx is not immune.

>It reflashes the system BIOS, and it is resilient: even after flashing the BIOS with a legit firmware, it will still be there. This forces the researcher to use a new machine for each test.

>It uses communication via SDR (Software Defined Radio) to bridge air gaps (computers out of the network). It works even if the wireless and Bluetooth cards are physically removed.

>It loads a Hypervisor.

>When the BIOS is infected, it doesn't let you boot from external devices regardless of settings. Most of the time, it goes for the internal disk.

>It reflashes all USB drives plugged into an infected system, including external USB CD drives. It doesn’t affect the files in the USB, it directly infects the firmware.

>Just plugging an infected memory stick in a clean system will infect it… without even needing to mount it!

>In infected Windows systems, some extra .ttf and .fon files appear – three of them (meiryo, meiryob, and malgunnb) have a size that is bigger than expected.

>When trying to extract those files, they disappear from the burnt CD.

>People are pointing to Russia as an origin of this malware as they are the only known developers of reset flash controllers’ software. The malware also blocks the reflashing Russian software sites.

>> No.37744874

either that or the guy is just a pig fat liar dragging others into it as well

>> No.37744879
File: 236 KB, 500x500, hoops.gif

youre in the clear... for now

>> No.37744893
File: 208 KB, 756x729, ohmehgawd.png

that is the best thing i've seen in a while

>> No.37744907

>When trying to extract those files, they disappear from the burnt CD.
How in the fuck do files disappear from a burnt CD.
That's some quantum mechanics shit right there

>> No.37744910

Yeah, but I know him a little and that would be really surprising.

He has a good reputation and he just keeps giving more details on twitter and posting 900MB dumps on mega. He's really trying from what we can tell.

If he's faking it, either he's trying to achieve something big or he went completely nuts.

>> No.37744919

Maybe the system only said it burnt the files on there, but in reality it burnt nothing at all.

>> No.37744927

> How in the fuck do files disappear from a burnt CD.
Files are added by the rootkit on every burnt CD; when you open the CD you get infected somehow, then the rootkit (which is now in your computer) hides the files from you.

>> No.37744961
File: 13 KB, 432x286, 1266511797293.jpg


here's his original post about it.

anyone want to download those files?

>> No.37744968
File: 27 KB, 500x265, 970372_374252376042097_502092172_n.jpg

leejun did it obviously

>> No.37745179

>font files infect wanblows systems
and this, kids, is why kernel font rendering is a bad idea

>> No.37745443

Could this be a state agency targeting a select group of tech people and this guy was the first to find out?

>> No.37745465

Maybe. But that's a little too much if they just wanted to target a couple tech guys.

This is world-domination tier malware.

>> No.37745480

If this thing works by fucking up the BIOS, why don't they make BIOS read only unless a switch is flicked on the back of the case, or a contact is shorted on the motherboard?

>> No.37745499

Because > muh ease of use I don't want to dismount my computer just to flash a BIOS.

But it still wouldn't be a perfect solution, BadBIOS could still exploit the USB drivers and flash other microcontrollers instead.

>> No.37745518

>It uses communication via SDR (Sotftware Defined Radio) to bridge air gaps (computers out of the network).

I don't think you know what a Software Defined Radio is.

It is apparently using inaudible tones over the system's speakers.

SDR would imply that the computers magically had UHF/VHF/MW/etc transmitters and receivers hidden on the motherboard.

>> No.37745537 [DELETED] 

it uses attached speakers and mics, m8.
stops transmitting if they're disconnected.
you should read the article.

>> No.37745547

>But it still wouldn't be a perfect solution, BadBIOS could still exploit the USB drivers and flash other microcontrollers instead.

That is still better than being able to directly control the BIOS.

>> No.37745555

SDR is just meant to say that they are using their own high-freq sound transmission protocol IMHO, not regular SDR.

>> No.37745574

SDR is Radio.

Sound is not Radio.

If it used radio, speakers and mics would not have anything to do with this.

>> No.37745580
File: 49 KB, 346x365, CoreTemp-Scr.png

mah nigga

>> No.37745590

i misread your post, sorry m8.

>> No.37745592

>inaudible tones over the system's speakers
I thought casual speakers cannot reproduce inaudible tones

>> No.37745599

That's just the nsa backdoor m8
Comes with every laptop

>> No.37745604

>has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.


>> No.37745608

Post more.

>> No.37745610

Most of them can do just a little over 20k

>> No.37745621

That's like the last resort covert channel.
But apparently it's possible.

>> No.37745652

Depends who is listening.

To much of my family, the whine of my CRT (15.734 kHz at 60Hz) is inaudible.

There are few people I know that can hear it at normal volumes, but my microphone picks it up with ease. This is because human hearing drops off in sensitivity at higher frequencies, with older people usually having it drop off earlier.

Inaudibility is in the ears of the beholder.
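The posts above argue about whether consumer speakers reach "inaudible" frequencies and whether a microphone would still pick them up. The script below is an added example, not code from this thread or from the research it discusses: it takes one frame of audio samples, computes a Hann-windowed FFT in plain Python (no numpy), and reports what fraction of the frame's energy sits between an assumed 18 kHz cutoff and the Nyquist limit (half the sample rate, 22,050 Hz at 44.1 kHz, which is the ceiling of what such a capture can see). A frame with most of its energy up there is unusual for speech or music and worth a closer look. The sample rate, the 18 kHz cutoff, the 2048-sample frame, the two test frames and every function name are constructed assumptions of this example.

```python
import cmath
import math

SAMPLE_RATE = 44_100          # Hz, a typical consumer sound card rate (assumption)
NEAR_ULTRASONIC_HZ = 18_000   # assumption: above this most adults hear little, mics still respond
WINDOW = 2048                 # frame size; 2048 / 44100 Hz = 46 ms per frame, about 21.5 Hz per bin


def synth(tones, n=WINDOW, rate=SAMPLE_RATE):
    """Constructed test audio: the sum of sine tones given as (frequency_hz, amplitude)."""
    return [sum(a * math.sin(2 * math.pi * f * i / rate) for f, a in tones) for i in range(n)]


def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        twiddle = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + twiddle
        out[k + n // 2] = even[k] - twiddle
    return out


def power_spectrum(samples, rate=SAMPLE_RATE):
    """One-sided spectrum of a Hann-windowed frame as [(frequency_hz, power)], DC through Nyquist."""
    n = len(samples)
    assert (n & (n - 1)) == 0, "frame length must be a power of two"
    # Hann window keeps off-bin tones from smearing energy across the whole spectrum
    windowed = [s * (0.5 - 0.5 * math.cos(2 * math.pi * i / n)) for i, s in enumerate(samples)]
    bins = fft(windowed)
    return [(k * rate / n, abs(bins[k]) ** 2) for k in range(n // 2 + 1)]


def ultrasonic_ratio(samples, rate=SAMPLE_RATE, cutoff_hz=NEAR_ULTRASONIC_HZ):
    """Fraction of the frame's energy (DC excluded) between cutoff_hz and Nyquist (rate / 2)."""
    spectrum = power_spectrum(samples, rate)[1:]   # drop the DC bin
    total = sum(p for _, p in spectrum)
    high = sum(p for f, p in spectrum if f >= cutoff_hz)
    return high / total if total > 0 else 0.0


def flag_frame(samples, rate=SAMPLE_RATE, threshold=0.5):
    """True when most of the frame's energy sits in the near-ultrasonic band: worth a closer look."""
    return ultrasonic_ratio(samples, rate) >= threshold


# Constructed inputs: a "music-like" frame and a frame dominated by a 19 kHz carrier.
BENIGN = synth([(440, 1.0), (880, 0.5), (1320, 0.3)])
SUSPECT = synth([(1000, 0.2), (19_000, 1.0)])

if __name__ == "__main__":
    for name, frame in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(f"{name}: {ultrasonic_ratio(frame):.3f} of energy above {NEAR_ULTRASONIC_HZ} Hz,"
              f" flagged={flag_frame(frame)}")
```

To run it on real input, feed 2048-sample frames of mono float audio from a capture to flag_frame and count how often it trips; a carrier that is keyed on and off to carry bits keeps its energy in the same band, so the ratio test does not depend on the modulation. The Nyquist point is the practical bound on both sides: a 44.1 kHz capture sees nothing above 22.05 kHz, so the 18 to 22 kHz window is all that a detector (or a channel) gets out of ordinary audio hardware.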

>> No.37745657

there are quite a few people able to catch frequencies slightly above 20k
also pretty sure the mics capturing sound have reduced range

>> No.37745660


>> No.37745697
File: 146 KB, 1280x1440, 1326440397528.jpg



>> No.37745816

For those who are still skeptical about the whole ultrasonic thing:

>> No.37745851


>> No.37745857

I think the main issue here is the supposedly magical abilities of this thing, as one guy in the comments says:
> it can infect all kinds of bootstrap flash: BIOS, UEFI and EFI, it works equally well on Mac, Windows and Linux, it has magical power over USB flash controllers (apparently, regardless of brand), can create a mesh network over a covert channel that, somehow, ends up creating "network data" that can be pulled by a regular forensic tool (but still eludes identification for several years) and it can do all this while nesting itself in a BIOS image that is 8 megs big (at best) without actually crippling it. I won't even go into the weird ability to kill files off CDs...
>In one place.
>For one man.
>Without anyone else being able to reproduce or even confirm it.

>> No.37745865

This guy clearly has schizophrenia or something.

>> No.37745897


BIOS loads and reads OS USB Device IDs... These are the keys that make the malicious code activate the PHREAKING 2.0 styled phoning.

Naysayers... Do you even know that batteries actually exist in mobos ????????????????????????????????

Naysayers, you quote 2 lines of an article

then dismiss it.......................................




>> No.37745932

Do you even speak English?

> BIOS loads and reads OS USB Device IDs... These are the keys that make the malicious code activate ...
Yes, we know. It's a buffer overflow in the BIOS driver. When did I even quote the article to dismiss it ?

You need to calm down, anon.

>> No.37745938




PLEBE IS LOSING........................


>> No.37745941

I like that skull pic

>> No.37745957



>> No.37745974


>> No.37745987


this guy claims to be infected as well. lel.

>> No.37746003

Proof of concept infector located @ http://destaps.com

>> No.37746013

The guy who has been reporting it is a pretty well respected security researcher. I see no reason why he would just ruin his reputation over a silly hoax.

>> No.37746014
File: 94 KB, 343x361, happening.jpg

Fuck, his pic looks legit.

We need more doom paul.


>> No.37746024

that pic isn't his. it's a retweet from someone attempting a proof of concept for infrasonic data transmission.

>> No.37746050

He's claiming to have the same symptoms as Dragos, then post a pic of 20KHz transmission, and it's a fucking PoC ?
What a faggot.

>> No.37746064
File: 42 KB, 500x321, Project_2501.jpg


>> No.37746068

Sounds like a load of shit. Either he made a simple mistake and has too much pride to admit it, or he's so full of himself that he genuinely believes that any nonsensical theory he comes up with is plausible by virtue of him coming up with it.

>> No.37746088

it's just a RT, anon. he's posted plenty of data of his own. don't know if his data is any good - not going near it on this machine.

>> No.37746107

Other people start claiming that they have the same symptoms.

Imho lots of people are infected but just didn't immediately think "BIOS-flashing rootkit" when they couldn't boot from CDs.

>> No.37746135
File: 41 KB, 521x445, 11-01 16_41_24-dragosr (dragosr) sur Twitter.jpg

Ultrasound transmission confirmed for working up to 0.1 KB/s and already found in the wild.

>> No.37746150

Maybe it was made by the NSA, imo they're the only one who have enough money and expertise to pull off something like this,

IF, this is not just a Halloween prank.

>> No.37746177

> The NSA
> Expertise in computing
The NSA is too busy drawing kool smileys and making stupid PPTs.

Meanwhile, the Syrian Electronic Army keeps getting better every day. I'm scared.

>> No.37746178

So, how long before someone makes a jammer for this?

it wouldn't be too hard, i guess.

>> No.37746192


>> No.37746193

It's a psychological effect. If you tell people that they have the plague, eventually they'll begin to feel symptoms.

>> No.37746206

So, is this shit real?

>> No.37746209

Speakers double as poor microphones. They receive audio deflection as well as produce it. They just never have the sophisticated tuning of a good mic. If this transmits diverse beeps and boops outside the range of human hearing, it's possible. I would imagine the receiving machine would need to be set up to incorporate data from its speakers experiencing deflection, though.

>> No.37746219

It transmits primarily by USB/CD apparently, you can't really fix this without patching every OS and flashing every BIOS.

We're in really deep shit.
I'm considering the idea of writing my own simple USB firmware flasher.

Maybe, but this is computer security specialists, they are supposed to know what they talk about.
If they can't boot on a CD and get weird 8mb TTF files, it's probably not just psychology.

>> No.37746225

Their PCs as well apparently.

>> No.37746238

So far it's just a bunch of retards circlejerking on twitter (le #badbios le le) so I'm not really convinced

>> No.37746241

pretty easy

>> No.37746270

Tried looking at the dumps and files ?

The TTF file particularly since they are easy to understand, table 63, it's not just your average TrueType script.

>> No.37746273

All people have the capacity to be imbeciles, anon. I have no reason to believe that in the same position, I'd avoid the same mistakes.
Sure, why not? Maybe they had no reason to know if their computers could boot from optical media until now.

>> No.37746284

> All people have the capacity to be imbeciles, anon. I have no reason to believe that in the same position, I'd avoid the same mistakes.
Maybe, but that other guy doesn't seem very prone to questioning himself. We'll see I guess.

>> No.37746298

Biggest load of shit I have read in my life
Why is this thread still up

>> No.37746312

Halloween scare story anon.

>> No.37746346

idk, one of my friends made an infrared jammer; basically you just have to send garbage data at the same frequency the original data is transmitting. Though I'm not an expert, so don't quote me on that.
Input from a microphone has to be amplified before it can be processed.
Output from the female audio jack is loud enough to power an earphone. It may be amplified further if needed, though.

So, while you could get a speaker running as a microphone in theory, the jacks on a normal computer don't have enough hardware capabilities to operate it as such.

>> No.37746366

my friend actually used to use an old pair of speakers as a mic

>> No.37746385

I successfully used some earbuds as a mic before, but I had to literally scream and it was still barely picked up

>> No.37746407

>without even needing to mount it
Your USB controller still communicates with the drive and gets some information from it when you plug it in.

>> No.37746410

And you thought hiding viruses in .jpgs was implausible

I'll believe it when we have multiple sources confirm it.

>> No.37746412

an audio "jammer" at 20kHz? Extremely easy, just get a 555 and you're basically done. They sell those things as teenager repellents as far as I know.

>> No.37746413

that's so awesome, he looks really happy, or maybe gravity isn't pulling his jowls down anymore

>> No.37746417

Not really. If you gain control of the USB controller on an x86 system you basically have a hold on the entire system.

>> No.37746432

Because he's clearly cracked.

>> No.37746437

Read the thread. It's getting more and more likely that this is real.

>> No.37746462

Jesus Christ get that shit out of this thread.

Seems too odd to me, I'd have to see it.

>> No.37746598

?? is that why faulty USB devices lock up or restart my PC?

>> No.37746673

Probably. It's a well known fault of these devices. You can control PCI, most kinds of buses, all that shit if you have control of the USB controller.

>> No.37746680

BIOS based viruses are not a new or novel thing.

since the early 90s, there have been options in BIOS to prevent and notify the user if the BIOS is being modified.

>> No.37746718

This one is resilient. You can't boot a non-controlled OS, DBAN and flashing your BIOS is not enough to get rid of it, and any computer with USB is vulnerable.

Also, it loads high-level rootkits apparently; it looks very sophisticated.
It's like all those pieces of cutting-edge PoCs mixed together.

>> No.37746780
File: 36 KB, 366x334, 1373038624686.jpg

>take the bios chip out
>replace with a new one or fry it clean like in the old times
>20 cents

>> No.37746806

I can't really remove my bios chip, the bastards soldered it in place...

>> No.37746826

You don't get it, it appears to copy itself everywhere, in the keyboard/webcam/system controller/whatever, and in whatever OS you boot.

If you don't clean absolutely everything on all your computers, it'll just come back.

Also, my BIOS chip is tiny and soldered, changing it is a pain.

>> No.37746844

This is art.

And you can bet that if something is a theorized possibility, someone will use it. Most likely governments. The individual components of this are not that ground-breaking, but it's the total package that does it. I'm sure there are other even more sophisticated ways of making infected computers communicate than with sound. One idea I have: if computer A has a webcam and the malware activates it and records video, and the malware in computer B modifies the refresh rate of the monitor so the light emitted from it flickers. Unnoticeable to the human eye, but perhaps enough for the webcam to pick up on if it happens to be in close proximity to machine A? At least in a dark room it could be viable. I'm sure there are other ways too.

>> No.37746873

>in the keyboard/webcam
So hackers can now use magic. Good to know.

>> No.37746903

~Every chipset can be flashed, for upgrading purposes.
And it's almost always one of the 10 generic chipsets made in Russia apparently.

>> No.37746928

Hey guys, I've made a virus that infects computers via photons emitted by the sun.

>> No.37746954


uh, no, your an idiot

>> No.37746970

OP here.

So you guys think this is real? Is it time to panic now and delete all my horseporn before somebody finds it?

>> No.37746978
File: 52 KB, 239x306, 1374927054981.jpg

>not a virus that uses electromagnetism to take over smartphones with the sensor they have

>> No.37746985

> your an idiot
You're. You are.

And sometimes you buy hardware that isn't supported by your BIOS, and it's either buy a whole new fucking motherboard or flash your BIOS. Not everyone can afford a new computer any time.

>> No.37747014

Just keep your horseporn in a TrueCrypt container, don't open it, and wait until we know more.

But if it's really 3 years old and nothing happened yet, then they just don't care about your horseporn.

>> No.37747024

>skull drawn on the boot menu
>gee I wonder if it is a virus or not

>> No.37747031

How are you supposed to sandbox this without bricking your hardware?

>> No.37747039

Actually all these new sensors in smartphones are a gold mine for people who want to exploit them. A lot of new methods are theoretically possible with them. The more different kinds of sensors, the more theoretical possibilities there are to create stuff like this.

>> No.37747042

tfw reading this then turning off your ceiling fan and your speakers make a noise

>> No.37747046

That's just a shop.
I can tell by the pixels and having seen quite a lot in my time.

>> No.37747059

Would this thing be able to collect info on activities of the infected and send it somewhere else?

>> No.37747062

newfag confirmed

>> No.37747079

You can always reflash bricked hardware if you have the expensive hardware for it.


Lurking since mid 07.
It's just not funny anymore.

>> No.37747089

wow trolled so easily

>> No.37747121


There is an ongoing debate on whether or not TrueCrypt and AES are NSA-safe. The NSA doesn't give a shit about your horse porn, but don't think for a second that it's 100% safe. The NSA has been at the forefront of mathematics for decades; there are reasons to believe that progress has been made in removing several orders of magnitude off the time required to do analytical attacks on these kinds of encryption, among other things.

>> No.37747133

But from reading the thread and the article, I thought that standard reflashing does not remove this?

It essentially turns your hardware into a zombie? I don't know, I kind of want to play around with it but my computer is expensive. I might do it on a throwaway Lenovo I have lying around.

>> No.37747147

Can the PC speaker that is used by the motherboard to report error codes be hacked into sending out inaudible signals?

>> No.37747154

Is one of the symptoms shutting off the computer at night without being asked, or is that just loose wiring in my case?

>> No.37747156

Most of everything is built on legacy freeware from the 80s and 90s
I wonder why this didn't happen earlier

>> No.37747158

Yep. Just use the AES+Twofish+Serpent setting if it's just to store your horseporn safely.

The TrueCrypt binaries have been confirmed to match the source.

Now we just need to finish auditing the source and find something better than AES.

>> No.37747180

> I thought that standard reflashing does not remove this?
Because it manages to copy itself somewhere else, we just don't know where exactly.

But if the malware can flash itself inside, then you can always flash the original firmware back by the same means.

>> No.37747198

Pretty clever stuff.

>> No.37747202

It's not a symptom. Check if your computer is not overheating.

>> No.37747237

That's a setting in every modern OS you illiterate baboon

>> No.37747239
File: 27 KB, 514x263, 11-01 17_44_47-dragosr (dragosr) sur Twitter.jpg

The Ars team is going to take a look at Dragos's findings, but can't confirm anything yet.

>> No.37747245

Just how hard is it to figure out how it works? Can't they just do a bios dump and compare it to the official manufacturers copy?

>> No.37747249


That doesn't provide plausible deniability though. Not to mention that unless you download it onto a ramdisk and never write anything to disk, you are at risk of not being able to erase the disk properly. If you use an SSD it's even more uncharted territory if you ever write unencrypted data to it. Not to mention that your VPN is probably the first thing to break down if someone is hell-bent on catching you. TOR is obviously a no-go. Also, keys can be extracted from RAM for up to 30 seconds after shutdown, so make sure you have thermite at hand every time you open your TrueCrypt container.

>> No.37747273

why not deban the drive, remove the CMOS battery, and just reflash stock BIOS like 20 times over?

Shit, it might be. Sometimes I leave Minecraft on overnight on accident and it's pretty intensive, even if it is just on the main menu because java

>> No.37747285


Probably encrypted and shit too. So you need to extract information from RAM, BUS communication etc. You can probably emulate hardware in software though, I'm sure NSA have entire government programs for that.

>> No.37747297

No one cares this much about your horse porn.

I'm talking about encrypting it safely inside a Truecrypt container and not touching it again. Just storing.

Reencoding in .webp or a weird/new format can help since most forensics tools are outdated as fuck and can't detect them.

>> No.37747320

> why not deban the drive, remove the CMOS battery, and just reflash stock BIOS like 20 times over?

He tried. Then he reinstalled a vanilla Windows 8 that was checked to be clean against the MSDN source, and the infection came back anyway.

>> No.37747351

yeh, but just because a scan said it was all good does not mean it wasn't still in there somewhere.

>> No.37747368
File: 269 KB, 451x720, 1375546924689.png

So, what? This shit is the next Red October?

>> No.37747382

> but just because a scan said it was all good does not mean it wasn't still in there somewhere.
It's not a 'scan', he checked the MD5.

>> No.37747422


I know, I'm just theorizing. TrueCrypt might be broken in the future, so it's not a guarantee. Re-encoding won't do much unless they are retards. I say the safest method is to learn a memorization technique and memorize the binary code of the images in your head, then just retype them in a hex editor and rebuild the images whenever you need to see the pictures. Might severely restrict the resolution of them though because of the character limit, but the world record is 67,890 characters, so that should give you five whole 100x100 pixel images stored 100% foolproof. Unless you are captured and they force it out of you..

>> No.37747448
File: 68 KB, 384x494, you-gonna-get-raped.jpg

TFW the NSA is using Van Eck phreaking to detect your monitor signal right now from their van outside your house.

>> No.37747449

> the world record is 67,890 characters
I can't even anymore.

>> No.37747471



>> No.37747488
File: 57 KB, 417x413, qothr8n[1].png

Can I join?

>> No.37747495

So, what is the target for this thing?
Military bases?

>> No.37747500

Seems much worse, since IIRC Red October was still on the OS level.

The blowback from RO was mostly due to who was being targeted and how systematic the targeting was.

>> No.37747501

> Can't they just do a bios dump and compare it to the official manufacturers copy?
He did. It's just not easy to analyze a whole BIOS dump.

Some faggot from reddit tried and didn't find anything.

>> No.37747519

>not just taking over all electronics globally with tetrahexcedecimal-electromagenancy

>> No.37747522

Just imagine a whole organization ANYWHERE being infected with this and how much it would cost to get it removed.

>> No.37747527

Could be anyone. It looks like the next big cyberweapon.

Only the best experts even managed to notice it. In 3 years.

>> No.37747536

>It started about three years ago, when Ruiu noticed an isolated machine behaving very strangely.

>Even though the laptop wasn’t connected to a network with any other badBIOS-infected systems, it was physically close to some.

It clearly did not collect the virus when it was connected to the network because it wasn't on the network.

>> No.37747549

Or just use the rotational velocidensity of the SSD on the device to degrade files into viruses.

>> No.37747551


Hmm. If you scale an image to such dimensions that you can break the image into 67,890 20x1 pixel strips and just memorize the pattern for aligning them properly, you can increase the res 20-fold. To brute force it would be hard; the number of permutations would be astronomical, assuming the attacker has no access to the original image. Algorithms for grouping some colors (like flesh tones) could limit the sample space though..

>> No.37747569

Original infection vector is believed to be USB/CD.

>> No.37747571

He confirmed it was being transferred through USB devices.

>> No.37747573

>Only the best experts even managed to notice it. In 3 years.

Could be because it didn't infect that many people..

>> No.37747583
File: 11 KB, 300x105, screen-shot-2013-08-29-at-10-46-38-am[1].jpg

problem, apple?

>> No.37747598

Malware that can't be removed and spreads by at least USB, CDROM, and probably network too?

>> No.37747609



Although, why haven't viruses based on genetic algorithms been made yet? They could harness the compute power of the botnet to perform permutations and test the viability on the machines on the network to gather data. Over time it could evolve and change.

>> No.37747631

Moral of the story: don't plug in USB drives.

>> No.37747633


It can be removed, and it spreads locally but not online. If it did spread globally, the traffic would have been picked up fast.

>> No.37747637

Yes. This apparently combines every known infection vector for x86 machines as well as self-healing capabilities by utilizing ultra-sonic ad-hoc networks to communicate with other infected machines.

>> No.37747665


Sums it up pretty well. All that's missing now is the ability to change and adapt based on a changing environment.

>> No.37747678

> the traffic would have been picked up fast.
Since it's OK with 100 B/s audio communication, the traffic generated must be pretty limited.

And it seems to use a weird IPv6-ish protocol, not something widely monitored.

We don't know yet if it spreads by the network, but I wouldn't be surprised.

>> No.37747679
File: 1.04 MB, 720x900, kek.png

>this thread

>> No.37747722
File: 448 KB, 455x395, 1374351043728.png

>ars technica

>> No.37747737

This is going to turn out to be a mass-scale psychological experiment, isn't it?

>> No.37747742



>> No.37747753
File: 219 KB, 1280x720, Untitled.jpg

so we're doing this now?

>> No.37747771

>dragos ruiu
>has "malware" for 3 whole fucking years
>doesn't say anything about it
>mentions copernicus bios verification tool on twitter
>begins the saga of the badBIOS malware

good story but I don't buy any more than that.

can't wait until /g/ starts wrapping their computers in aluminum foil

>> No.37747775

That's what I thought at first; too many things are strange.
It should be easy to pick up, he just needs a microphone. Yet he's not posting those audio packets.

But now I just want to know.

>> No.37747795
File: 1 KB, 289x27, Untitled.png



>> No.37747798

>doesn't say anything about it
But he did. It just wasn't all over the news.

>> No.37747828

>wrapping their computers in aluminum foil

nah m8, you just have to remove the BIOS speaker, the rootkit and everything it installs, then remove the BIOS chip itself and solder a new one onto the mobo

>> No.37747850

Question is.
What's the payload?
And when?

>> No.37747886

Three years since this infection is now hypothesized to have begun. Merely a couple of weeks since the analysis started.

>> No.37747904

We don't know. There's BIOS flashing, kernel-mode rootkits and weird TTF files involved so far.

>> No.37747934
File: 56 KB, 523x594, 11-01 18_20_11-dragosr (dragosr) sur Twitter.jpg

Dragos is running more tests and will probably bring more info soon.

>> No.37747936
File: 460 KB, 2592x800, 1272604670142.jpg


>> No.37748133
File: 276 KB, 512x368, 1376407178915.png

I can't wait for this shit to leak out and wreak havoc across the world.

>> No.37748156

It's been here for 3 years already.

>> No.37748161

The internet is alive and it wants to exterminate the human race.


>> No.37748227

why do they wear such ridiculously tiny hats?


>> No.37748249

anyone who believes in this story should also take up a fundamentalist religion. It's like someone saying their car is running without gasoline and they can make calls without a SIM card

>> No.37748250

Why not is what I must ask.


>> No.37748498

>remove BIOS (UEFI) chip
>get new one
>tfw I should have used coreboot

>> No.37748952

>You don't get it, it appears to copy itself everywhere, in the keyboard/webcam/system controller/whatever, and in whatever OS you boot.
Now that thing flashes itself into every device controller on earth without bricking them? Gosh, this must be one fucking huge virus!

>8mb ttf file

>> No.37748981

Not everything is in the TTF files.
And we don't know yet what other hardware it can flash, but a lot of firmware is the same.

>> No.37749037

You don't get it. It implements a self-replicating, self-bootstrapping environment that also happens to implement a complete network stack from nothing in order to preserve itself. And all that while fitting in the tiny EEPROMs you have in your devices, while still allowing them to function as they normally would.

Is this thing called Windows?

>> No.37749060
File: 81 KB, 580x202, alsa_hq.png

I just hope it doesn't use ALSA for the audio stack.

>> No.37749077

Silly anon, that's not how malware works.

The 'tiny eeprom' first contains the first stage; then, when you boot, the first stage installs the OS rootkit, which downloads the second stage, including the TTF files, and everything else.

>> No.37749104

Yes, and all this fits in a carefully crafted USB drive.

>> No.37749120

>which downloads the second stage
From a mysterious invisible C&C server?

>> No.37749137

The first stage does.

It's just assembly, not luashit or whatever script people use these days. Of course it fits on a USB drive.

>> No.37749143
File: 65 KB, 580x346, 1370057547229.jpg


>> No.37749185

> From a mysterious invisible C&C server?
We don't know yet. Maybe there's no C&C and it's all a huge P2P network.
Maybe there's a C&C over Tor. Maybe the weird IPv6-ish protocol calls back to a random domain in Russia.

>> No.37749217

>huge P2P network
I want to believe.

>> No.37749644
File: 11 KB, 516x131, twitter..jpg

Dragos will be releasing some BadBIOS samples soon.

>> No.37749743

>20 kHz modulated audio signal
>best case, 11,000 baud
>itty bitty microphones' sensitivity goes to shit around 15kHz

Ya know what? I call bullshit.

>> No.37749746

chipsets of every computer since 2004 are rootkitted


>> No.37749821

No no no, really, just listen to yourselves /g/.

Malware that can infect ANYTHING, that is prepared for every kind of BIOS and rewrites every firmware to infect it. It can infect computers, flash drives, OSes, keyboards, webcams, mice, fridges... and you barely notice it's there, because all of your firmware has been perfectly infected, fused with an all-powerful virus that can bypass everything in just a few kilobytes or megabytes, the size of a BIOS. It even includes 8MB fonts specially prepared for Windows systems, but they are perfectly stored inside the BIOS because they invented some kind of infinite compression algorithm. It makes a buttnet with other infected computers and it can even control speakers and microphones to stay in contact with other systems unplugged from the web (something unlikely, but they covered this possibility because of reasons). Shit, it can even improve the quality of the average speaker or microphone to detect frequencies they shouldn't be able to detect, and it's prepared for some piece of hardware only a few computers have (microphones are only common in laptops). They coded this feature even when it was completely unlikely that a computer that had a microphone and speakers included but no Internet connection was near other BadBIOS-infected devices. It can even inject itself when you are burning a new CD, and if they tested this fucking mental masturbation it surely also injects itself when compiling binaries regardless of the language it's written in or the target architecture, because this malware is friggin' awesome!

And I repeat, all of this can fit inside every BIOS without breaking it.

And we just noticed now, after three years of its release.

This is either a bad (but elaborate) Halloween prank or a Pluto's Kiss-tier malware created by the Illuminati in collaboration with the Reptilians.

I sincerely doubt this is a real thing.

>> No.37749951

late april fools?

>> No.37749978

Nah, it's just in time for a spooky scary technology terror tale.

>> No.37750023

how do I infect myself with it
I want to see this for myself

>> No.37750035

you already are

>> No.37750079

Download the 900MB CD files, burn on a CD, reboot.

Download the TTF files, put them in the Windows Font folder, and preview them in explorer.

>> No.37750141

remember that evil country in the middle east whose computers were infected by something.. this is a key

>> No.37750154


>> No.37750196


>> No.37750233

Oh shit man, you just posted the URL! Now we are all infected!!!!!

>> No.37750350

it's worth it when you program the payload to steal a billion credit card numbers, amirite?

>> No.37750379

Yep. But you already need to be pretty talented to attempt this.

If this is confirmed to be true, they'll have the whole planet trying to find them.

>> No.37750477
File: 32 KB, 565x359, Screenshot - 11012013 - 12:43:58 PM.png

Train kept a-rollin', all night long

>> No.37751017
