Posted on 12/04/2020 8:35:07 AM PST by BenLurkin
A combined team of security experts from Advanced Intelligence and Eclypsium has announced that the Trickbot trojan malware now has the ability to modify a computer's Unified Extensible Firmware Interface—the interface between the firmware on a computer motherboard and the computer's operating system—in this case, Microsoft Windows.
Trickbot has been in the news of late due to its advanced capabilities. It has a modular design and is notable for its ability to gain administrative capabilities on infected computers. The entities behind the creation of the trojan are believed to be criminals in Russia and North Korea, and they have used it to target telecoms, health care firms, education institutions and even infrastructure operators (quite often in the form of ransomware).
When a computer boots up, the UEFI and firmware work together to bring up the operating system—if nefarious code has been embedded in the firmware, it can load its own software modules or even modify the operating system as it loads. Such modules would then go undetected by conventional antivirus software and would not be overcome, even if the hard drive were wiped clean or replaced altogether.
(Excerpt) Read more at techxplore.com ...
This sounds as insidious as rootkits and harder to deal with. Perhaps the time has come for Windows users to consider “burner computers” like criminals dispose of cheap telephones...if they won’t move to a more secure operating system.
Remote BIOS and FW update delivery was not a good change. Maybe corporate IT thinks it is, but it isn’t.

Microsoft Windows!
So does it modify the ROM?
Interesting point.
I did a search for more articles on Trickbot and Trickboot and noticed something in common with every one of them: they don’t identify the vulnerable OS by name. Instead they refer to “the OS” exclusively when describing how the malware operates.
We are left to assume that only Microsoft is affected, but since this particular malware attacks the motherboard firmware first, it is reasonable to conclude that any OS is potentially vulnerable (since the malware has access to modify the OS system files before the OS is booted).
I made this same comment to a couple of the articles and will post if they respond.
Hi.
Trust voting by the internet they say.
Trust the DOJ and FBI they say.
Trust the media they say.
My trust rests in God, guts and guns.
5.56mm