Posted on 02/17/2015 7:03:37 AM PST by BenLurkin
The malware reprograms the hard drive's firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn't affect it, and the hidden storage sector remains.
"Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability," said Costin Raiu, director of Kaspersky Lab's global research and analysis team, in a phone interview Monday.
(Excerpt) Read more at pcworld.com ...
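An added example, not code from the thread or from the PCWorld article: a small POSIX shell script that records the model and firmware-revision strings Linux exposes for each whole disk in sysfs (`/sys/class/block/<disk>/device/model` and `.../device/rev` for SATA/SCSI disks) and diffs a later collection against that baseline. The sysfs root is a parameter so the functions run against a constructed sample tree (the `EXAMPLEDISK-1234` model string and the `CC26`/`CC29` revisions are made up) rather than a live `/sys`. The caveat matters more than the check: these strings come from the drive's own firmware, so an implant that has rewritten that firmware can report the original revision, and an unchanged baseline is not proof the drive is clean.

```shell
#!/bin/sh
# Added example, not code from the thread or the PCWorld article.
# Record a baseline of each whole-disk block device's model and firmware
# revision as the Linux kernel exposes them in sysfs
# (/sys/class/block/<disk>/device/{model,rev} for SATA/SCSI disks), and diff a
# later collection against it. SYSFS_ROOT is a parameter so the functions can
# be run against the constructed sample tree built below instead of a live /sys.
#
# Caveat: these strings are produced by the drive's own firmware. An implant
# that has rewritten the firmware can keep reporting the original revision, so
# an unchanged baseline is not proof of a clean drive; this only catches
# changes the implant did not bother to hide.

# collect_drive_ids SYSFS_ROOT
# Prints one line per disk: "<name> <model> <rev>", sorted by name.
collect_drive_ids() {
    root="$1"
    for dev in "$root"/class/block/*; do
        # partitions (sda1, ...) have no device/model in this layout; skip them
        [ -f "$dev/device/model" ] || continue
        name=$(basename "$dev")
        model=$(tr -d ' \n' < "$dev/device/model")
        rev=$(tr -d ' \n' < "$dev/device/rev")
        printf '%s %s %s\n' "$name" "$model" "$rev"
    done | sort
}

# compare_baseline BASELINE_FILE CURRENT_FILE
# Returns 0 when identical; otherwise prints the differing lines and returns 1.
compare_baseline() {
    if diff "$1" "$2"; then
        return 0
    fi
    return 1
}

# make_fake_sysfs ROOT REV
# Constructed sample tree (hypothetical model string) standing in for /sys.
# Real sysfs pads the model string with trailing spaces, reproduced here.
make_fake_sysfs() {
    mkdir -p "$1/class/block/sda/device" "$1/class/block/sda1"
    printf 'EXAMPLEDISK-1234        \n' > "$1/class/block/sda/device/model"
    printf '%s\n' "$2" > "$1/class/block/sda/device/rev"
}

# Stand-alone demo: baseline from one tree, then a second tree whose firmware
# revision string changed, as a vendor update or a reflash would show.
demo_root=$(mktemp -d)
make_fake_sysfs "$demo_root/before" CC26
make_fake_sysfs "$demo_root/after" CC29
collect_drive_ids "$demo_root/before" > "$demo_root/baseline.txt"
collect_drive_ids "$demo_root/after"  > "$demo_root/current.txt"
if compare_baseline "$demo_root/baseline.txt" "$demo_root/current.txt"; then
    echo "no firmware identity change"
else
    echo "firmware identity CHANGED: investigate before trusting this drive"
fi
rm -rf "$demo_root"
```

On a real machine call `collect_drive_ids /sys` and keep the output somewhere the machine cannot rewrite (a separate host or removable media), since a baseline stored on the suspect disk is under the firmware's control too. NVMe devices expose `device/firmware_rev` rather than `device/rev`, so the collector needs that extra path to cover them.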
I’m guessing that degaussing and then reformatting will fix it.
Depending on whether the virus firmware allows the hard drive's firmware to be further modified. It might prevent further changes unless you actually pull the hard disk out and reprogram it at the hardware level. I've worked on other hardware that had its bootloader programmed in the flash chip, and sometimes when I put in a new bootloader that didn't work, I scrapped the boards because I would have had to desolder the chip and program it off-board to get it working again, and it wasn't worth the time.
Thanks BenLurkin.
Good idea, SpinRite would clean it up.
Of course, switching to a SSD would also probably eliminate the problem.
https://www.grc.com/sr/spinrite.htm
Nope.
You have to replace the infected hard drive. The malware is embedded in the hard drive itself.
The sophistication level of this malware suggests a government is behind it - and they can monitor you without your knowledge.
Rather than having two physical computers, just run one.
Have a Windows desktop (if you prefer), and run a Linux (or Windows) virtual machine to go online with. If you need to download/save anything from your online session, use removable media or network storage of some kind. When you're done with it, just revert the VM to the snapshot (a pristine copy of the VM). Since you saved any data to removable media/network, you won't lose anything when you go back to the snapshot.
That’s a pretty solid setup. I doubt it would help anyone with the exploit written about on this thread though.
That’s actually a very good idea.
What should a low-tech-guy like me do?
At some point, does a Mac look like it’s worth paying for as a safer bet than a Windows PC?
Sounds like Still Thinking’s Low Level Format With Extreme Prejudice: Open the drive, remove platters and shred (requires fairly heavy duty shredder).
Shades of those old floppy-only PCs from the late 80s! ;)
But that’s the beauty of 308; you can destroy disks that are 500 yards away!
How far back does this discovery lead? Might it lead back, to the time of the immaculation of this Queer-In-Charge in 2009?
That’s not what “cleaning” means in the digital world! :-) /s
Or for that matter, for those of us who can handle soldering irons, get a new chip and blow it with the latest code, provided of course the code is not already compromised.
Not if the code is in the firmware.
Lol! You can.
They should find out who made this stuff and shoot them.