
FINALLY!


27 replies to this topic

#1 bwrighttwo

bwrighttwo

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 AM

Posted 31 July 2014 - 02:31 PM

After over 2 years of chasing an issue that no one seems to see, I think they are finally getting somewhere. What do you do now if this is your problem? Read this: http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:16 AM

Posted 31 July 2014 - 05:03 PM

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities...BadUSB-corrupted devices are much harder to disinfect. Reformatting an infected USB stick, for example, will do nothing to remove the malicious programming. Because the tampering resides in the firmware, the malware can be eliminated only by replacing the booby-trapped device software with the original firmware. Given the possibility that traditional computer malware could be programmed to use BadUSB techniques to infect any attached devices, the attack could change the entire regimen currently used to respond to computer compromises.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 11,723 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:16 PM

Posted 31 July 2014 - 10:15 PM

Bad USB, good thing I hardly ever use one. Like most things, this needs to get onto your PC or USB first, and the only way it can do that is if you allow it through lax PC security.


Edited by NickAu1, 31 July 2014 - 11:30 PM.


#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:16 PM

Posted 31 July 2014 - 11:30 PM

Only in the sense that it is NOT in the wild. This is a possible attack, unlike BadBIOS...


Edited by TsVk!, 31 July 2014 - 11:34 PM.


#5 TsVk!


Posted 01 August 2014 - 03:05 AM

You changed your post Nick and now mine makes no sense...



#6 quietman7


Posted 01 August 2014 - 07:03 AM

The author of that article writes...

The capabilities of BadUSB closely resemble the mysterious badBIOS malware security consultant Dragos Ruiu said repeatedly infected his computers.



#7 TsVk!


Posted 01 August 2014 - 07:37 AM

Software guys know little about BIOS firmware...

 

This article has lost its formatting since publishing, still... read and learn. BadBIOS is imaginary.

Edit: this is a guy who has written BIOS code.


Edited by TsVk!, 01 August 2014 - 08:03 AM.


#8 TsVk!


Posted 01 August 2014 - 08:22 AM

I may have to eat my thongs in the future... but I sincerely believe that firmware attacks are limited to high profile machines and significant targets, right now.



#9 quietman7


Posted 01 August 2014 - 08:36 AM

Malware writers would much rather target a large audience through social networking where they can use sophisticated but less technical means.

#10 bigrobifer

bigrobifer

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 01 August 2014 - 05:07 PM

What about a worm infection that mounts itself onto the USB port from an IRQ? After reading a lot about the badBIOS thing I agree with bleeperizer on both counts, even though I've found Chinese character scripts that scream print here and there when translated with Google, and BinText shows certain logs with apparent scripts for credit card info gathering specific to Flowershop on Facebook - my girl plays all the time. Anyone interested in following what comes of this can check these out. I believe it's just an unknown variant of Mebroot that uses HFS as a hidden file system and runs scripts instead of executables.

https://forum.avast.com/index.php?topic=153041.0

https://forums.malwarebytes.org/index.php?/topic/154198-wow/



#11 badBiosVictim

badBiosVictim

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 05 August 2014 - 09:38 PM

TsVk!, firmware attacks are not limited to high profile machines and significant targets. Read the r/badBIOS subreddit of reddit.com. bwrighttwo, to answer your question, if your computer is infected with BadUSB or BadBIOS, there does not appear to be a method of safely copying personal files to a replacement air gapped computer. For an updated definition of air gap, see the /r/BadBIOS subreddit of reddit.com. A compromise may be to keep personal files on an infected 'air gapped' computer and have a second computer that has its microphone, conductive speakers and piezo electro transducer removed to connect to the internet that does not have older personal files on it.

#12 TsVk!


Posted 05 August 2014 - 09:44 PM

sigh... :mellow:



#13 quietman7


Posted 06 August 2014 - 07:03 AM

At the moment, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. As I said, malware writers would much rather target a large audience through social networking where they can use sophisticated but less technical means.

#14 badBiosVictim


Posted 06 August 2014 - 07:44 AM

quietman7, are you unfamiliar with Edward Snowden? If not, why ignore nation-state hackers? NSA developed numerous BIOS rootkits, including BIOS rootkits that use its FM radio transceiver/radio beacon implants. Some of NSA's BIOS rootkits are described in:

http://www.reddit.com/r/badBIOS/comments/2aisn3/badbios_is_not_genie_genie_requires_a_fm_radio/



#15 quietman7


Posted 06 August 2014 - 07:55 AM

I am familiar and I am not ignoring anything...just noting that at the moment, it's highly unlikely you (average home user) will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale.