Rootkits and Malware Getting Better

Lrrpie-CT · 03-05-2007, 12:44 PM

For those interested:

http://www.eweek.com/article2/0,1895,2099603,00.asp

A bit esoteric but scary!

Wycke · 03-05-2007, 01:14 PM

Yeah, scary is right. Considering what's involved in updating firmware on motherboards (typically you need to boot to a floppy or CD - it can't be done within Windows), at least nowadays, this probably isn't going to be a real immediate threat. However, lots of other components have firmware - everything from video cards to network cards and even CD or DVD drives. Malicious code could be embedded in any one of them, and most of those are updateable from within a running OS. Also, in many cases, re-flashing a device with older firmware is a dicey and often futile process. Still, some degree of social engineering would probably be employed in spreading it - mass e-mails warning all Dell Dimension owners of some critical bug in their systems' firmware: "Click HERE for the fix" kind of stuff. It's easy enough for hackers to make the message appear to be a genuine Dell technical alert (though most average users don't realize that Dell doesn't send out technical alerts via e-mail), and these same users are often gullible enough to follow the link and install the bogus firmware.

DarkStar · 03-05-2007, 01:40 PM

Some motherboard manuf. have windows utilities to update the MB Bios from within windows (Asus & MSI, IIRC; probabily others). THe idea of using such software is rather scary but i'm sure it'll be much more common in the future.

If these kinds of attacks become more commonplace we may be forced back into the use of hardware level dipswitches to protect the bios. Dam hackers. Looks Like TPM setups will get some free publicity out of this.

-MR

Azzy · 03-05-2007, 01:56 PM

Abit started the windows BIOS flash in the Nforce2 days.

(side note.. the abit bioses had too much info for the chipset to pass along to the bios, thus corrupting your bios and making re-booting a non option)

Kindred · 03-05-2007, 03:05 PM

Ugh!
"Thanks" to all those manufacturers who thought it would be a good idea to allow easy updates to their bios w/ the OS running!

Christian Nelson · 03-07-2007, 02:25 PM

Why would one need to update firmware?

I have never understood this.. The whole point of ROM is that it is "READ ONLY"!!

If it isn't broken, don't fix it.

If it isn't ready to sell, don't sell it.

If you can't make it right when it hits the market, don't sell it to people.

Gah, I guess I am a hardware guy at heart. I have never understood why most of the OS isn't run in ROM, and only applications would need to have access to the hard drive.

OS should be minimal, and you should have to ask it to do stuff, or at least have an easy way of shutting off everything you don't want running.

Every process running should be required to have an explenation of what it is doing, and why it is using resources.

I think I am gonna start using bootOS CD's on more of my machines.

DarkStar · 03-07-2007, 02:40 PM

Last OS I remember shipping in ROM was on my Commadore 128

Christian you'd be stuck in the stone ages if you demanded ROM from a modern OS.

I'm happy to have the ability to update features and get bug fixes for my hardware. Otherwise everything would be exponentionally more expensive and would have to get tossed if you needed a new feature. Hell even CPU's get updates via micro-code updates.

-MR

incynr8 · 03-07-2007, 02:44 PM

Quote:

Originally Posted by DarkStar

Last OS I remember shipping in ROM was on my Commadore 128

-MR

Amiga Kickstart, Late Ataris, besides current imbedded handhelds and thinclients.

Christian Nelson · 03-07-2007, 02:45 PM

I am aware of why there is a supposed need for updates.

You don't have to make it as easy as they have, now the hackers have yet another tool to wreck junk with.

Frankly, the core OS layer hasn't changed much, Mac OS was doing what windows, and mac OS's are doing today back in the 80's on part of an 800k floppy.

The rest could be done on the application layer, and could be modified and changed in that fashion.

updates nowadays too often are done because the marketing section of these companies is further ahaed than thier engineering section as far as funding, and preparendness and investment, and they release half done products all the time, and have done it for so long, that we have come to expect it.

It is rediculous if you think about it.

Azzy · 03-07-2007, 03:17 PM

Lots of motherboard firmware updates either allow you to tweak better, or add hardware that wasnt produced when the motherboard was.

It is usually used for minor bug fixes and the adding of CPUs to the list of supported processors.

Plus, with PC's, the amount of combos possible makes it almost impossible to predict what every mobo / vid card / cpu / ram combo will do.

Thats about the only upside to the mac compatibility issue, at least in my eyes.

03-05-2007, 12:44 PM	#1 (permalink)
Lrrpie-CT See Matt Mod. Join Date: Mar 2006 Location: Bethlehem CT Posts: 2,631	Rootkits and Malware Getting Better For those interested: http://www.eweek.com/article2/0,1895,2099603,00.asp A bit esoteric but scary!

03-05-2007, 01:14 PM	#2 (permalink)
Wycke Supernatural Anaesthetist Join Date: Apr 2006 Location: The Plaines of Celestia Posts: 1,392	Yeah, scary is right. Considering what's involved in updating firmware on motherboards (typically you need to boot to a floppy or CD - it can't be done within Windows), at least nowadays, this probably isn't going to be a real immediate threat. However, lots of other components have firmware - everything from video cards to network cards and even CD or DVD drives. Malicious code could be embedded in any one of them, and most of those are updateable from within a running OS. Also, in many cases, re-flashing a device with older firmware is a dicey and often futile process. Still, some degree of social engineering would probably be employed in spreading it - mass e-mails warning all Dell Dimension owners of some critical bug in their systems' firmware: "Click HERE for the fix" kind of stuff. It's easy enough for hackers to make the message appear to be a genuine Dell technical alert (though most average users don't realize that Dell doesn't send out technical alerts via e-mail), and these same users are often gullible enough to follow the link and install the bogus firmware. __________________ Porch Monkey 4 Life! s'ok...I'm takin' it back... My Feedback Thread

03-05-2007, 01:56 PM	#4 (permalink)
Azzy Mod-O-Rator Join Date: Mar 2006 Location: Finleyville, PA Posts: 6,948	Abit started the windows BIOS flash in the Nforce2 days. (side note.. the abit bioses had too much info for the chipset to pass along to the bios, thus corrupting your bios and making re-booting a non option) __________________ Bryan "Azzy" Spiegel webmaster - Riverside Renegade Paintball / C.C. S.V.S. Plankowner - LPPC#6 Check out VintageRex.com, the premiere paintball museum "A Patriot and free-thinker with respect to social standards in 1760, is today's traitor and dangerous mind." - incynr8

03-05-2007, 03:05 PM	#5 (permalink)
Kindred Mod & Underwear Model Join Date: Mar 2006 Location: Neshanic Station, NJ Posts: 1,957	Ugh! "Thanks" to all those manufacturers who thought it would be a good idea to allow easy updates to their bios w/ the OS running! __________________ Strive for that moment when you're only a slice of pizza and a hooker away from paradise. -------------------- Little boxes on the hillside, Little boxes made of ticky tacky

03-07-2007, 03:17 PM	#10 (permalink)
Azzy Mod-O-Rator Join Date: Mar 2006 Location: Finleyville, PA Posts: 6,948	Lots of motherboard firmware updates either allow you to tweak better, or add hardware that wasnt produced when the motherboard was. It is usually used for minor bug fixes and the adding of CPUs to the list of supported processors. Plus, with PC's, the amount of combos possible makes it almost impossible to predict what every mobo / vid card / cpu / ram combo will do. Thats about the only upside to the mac compatibility issue, at least in my eyes. __________________ Bryan "Azzy" Spiegel webmaster - Riverside Renegade Paintball / C.C. S.V.S. Plankowner - LPPC#6 Check out VintageRex.com, the premiere paintball museum "A Patriot and free-thinker with respect to social standards in 1760, is today's traitor and dangerous mind." - incynr8

03-07-2007, 02:25 PM	#6 (permalink)
Christian Nelson MCB Member Join Date: Apr 2006 Location: Spring Valley, WI Posts: 2,143	Why would one need to update firmware? I have never understood this.. The whole point of ROM is that it is "READ ONLY"!! If it isn't broken, don't fix it. If it isn't ready to sell, don't sell it. If you can't make it right when it hits the market, don't sell it to people. Gah, I guess I am a hardware guy at heart. I have never understood why most of the OS isn't run in ROM, and only applications would need to have access to the hard drive. OS should be minimal, and you should have to ask it to do stuff, or at least have an easy way of shutting off everything you don't want running. Every process running should be required to have an explenation of what it is doing, and why it is using resources. I think I am gonna start using bootOS CD's on more of my machines.

03-07-2007, 02:45 PM	#9 (permalink)
Christian Nelson MCB Member Join Date: Apr 2006 Location: Spring Valley, WI Posts: 2,143	I am aware of why there is a supposed need for updates. You don't have to make it as easy as they have, now the hackers have yet another tool to wreck junk with. Frankly, the core OS layer hasn't changed much, Mac OS was doing what windows, and mac OS's are doing today back in the 80's on part of an 800k floppy. The rest could be done on the application layer, and could be modified and changed in that fashion. updates nowadays too often are done because the marketing section of these companies is further ahaed than thier engineering section as far as funding, and preparendness and investment, and they release half done products all the time, and have done it for so long, that we have come to expect it. It is rediculous if you think about it.