Malware
#1

98% of the viruses you meet every day are written by terrible coders, use known exploits, usually target only Windows - and, what might be surprising, they still work (botnets with millions of computers). Anyway, a simple up-to-date AV, patched software and using your computer with caution will protect you from them.

But then there is that 2%, government-sponsored or simply written by brilliant people, low-profile and with a really narrow scope.

Recently I've read about a piece of malware called badBIOS (overview) - it sounds like sci-fi story material, and we'll treat it as such for now. I've followed the referenced articles though, and what I've found frightened me a lot.

Let's start with a Microsoft Research paper (written in 2006, 7 years ago):
http://research.microsoft.com/apps/p....aspx?id=67911
Virtually undetectable, cross-platform stuff running its own hidden system. That shit is scary.

OK, but a format will take care of it? If that's all, yeah.

http://cansecwest.com/csw09/csw09-sacco-ortega.pdf - bam! BIOS infection. Now you've got an even higher level of control; formatting the HD won't help your victim.

"But I'm a responsible user! How can I get infected?" Sticking your brand-new made-in-China pendrive into your USB drive is enough (buffer overflows while reading data from USB are really, really common).

Are you paranoid yet? What are your thoughts? What defense mechanisms would you propose? How seriously do you take your data security?

Disclaimer:
I'm not saying that AV is unnecessary; it will still protect you from 97% of threats, and I'm almost certain you aren't a high enough value target for a government to get your own personal virus.
#2

So... What does the virus do to my BIOS if it reaches and infects it? And is there any way to remove malware from the BIOS?
#3

I have never used anti-virus, anti-spyware and all that bullshit since, IIRC, 2005; CommonSense.exe takes care of my PC. Also, to worry less about viruses, try Linux.
#4

@-Prodigy-:
I've written a custom thingy to check all registry Run-like keys and folders, so I manually check if anything wants to run on startup without my consent. Also I've got a whitelist of programs allowed to run, and I'm using EMET. Enough for a normal consumer. As you can read in that article, it was working on BSD and *nix-flavoured systems as well.

I'm sort of a whitehat (so far only fixing XSSes and SQLis in bug bounties) and I should know better and use some Linux distro, but I like my Windows too much.

@Sublime: It spreads further via pendrives, CD-ROMs, the internet and (supposedly) the computer speaker. And what's funny, it doesn't do anything harmful, but it is constantly connected to some operator on the other side - I'd say it's botnet-like behaviour.
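The startup check described in the post above, written out as an added example (this is not the poster's own tool, and the registry keys it watches are this example's own choice): it enumerates the HKLM/HKCU Run and RunOnce values on Windows, hashes the executable each value points at, and diffs the result against a JSON baseline so a new entry, a rewritten command line or a binary swapped underneath an unchanged command line all show up. The comparison is kept separate from the collection, so it also runs on the constructed sample entries below on any platform; the Startup folders are left out to keep the example short.

```python
"""Autostart baseline check (added example, not the poster's tool)."""
import hashlib
import json
import os
import shlex
import sys

# Registry locations watched by this example (assumption: the usual Run keys).
RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def collect_autoruns():
    """Return {"HIVE\\key\\value_name": command_line} (Windows only)."""
    import winreg  # standard library, but only present on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent (RunOnce is often missing)
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                found[f"{hive}\\{path}\\{name}"] = str(data)
                index += 1
    return found


def executable_of(command):
    """First token of the command line with surrounding quotes removed."""
    try:
        parts = shlex.split(command, posix=False)
    except ValueError:  # unbalanced quotes
        parts = command.split()
    return parts[0].strip('"') if parts else command


def sha256_of(path):
    """Hex SHA-256 of the file, or None when it cannot be read as a file."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None


def snapshot(entries):
    """{location: command} -> {location: {"cmd": ..., "sha256": ...}}."""
    return {loc: {"cmd": cmd, "sha256": sha256_of(executable_of(cmd))}
            for loc, cmd in entries.items()}


def compare(baseline, current):
    """Diff two snapshots; returns (kind, location, detail) tuples."""
    findings = []
    for loc in sorted(current):
        cur, base = current[loc], baseline.get(loc)
        if base is None:
            findings.append(("NEW", loc, cur["cmd"]))
        elif base["cmd"] != cur["cmd"]:
            findings.append(("CHANGED_CMD", loc, f'{base["cmd"]} -> {cur["cmd"]}'))
        elif base["sha256"] != cur["sha256"]:
            findings.append(("CHANGED_BINARY", loc, f'{base["sha256"]} -> {cur["sha256"]}'))
    for loc in sorted(baseline):
        if loc not in current:
            findings.append(("REMOVED", loc, baseline[loc]["cmd"]))
    return findings


# Constructed sample data for the offline demo (not real registry contents).
DEMO_BASELINE = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
        r"C:\Windows\system32\SecurityHealthSystray.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive":
        r'"C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
}
DEMO_CURRENT = dict(DEMO_BASELINE)
DEMO_CURRENT[r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"] = \
    r'"C:\Users\me\AppData\Roaming\svchost.exe" -q'   # planted: svchost in Roaming


def run_demo():
    """Compare the constructed snapshots; only the planted entry is flagged."""
    return compare(snapshot(DEMO_BASELINE), snapshot(DEMO_CURRENT))


def main(baseline_path="autoruns-baseline.json"):
    if sys.platform != "win32":
        findings = run_demo()
    else:
        current = snapshot(collect_autoruns())
        if not os.path.exists(baseline_path):
            with open(baseline_path, "w") as f:
                json.dump(current, f, indent=2)
            print(f"baseline written to {baseline_path}; review it by hand once")
            return
        with open(baseline_path) as f:
            findings = compare(json.load(f), current)
    for kind, loc, detail in findings:
        print(f"{kind:15} {loc}\n{'':15} {detail}")
    if not findings:
        print("no changes against baseline")


if __name__ == "__main__":
    main(*sys.argv[1:])
```

The first run writes the baseline, which is the moment to actually read each entry; every later run only reports drift. Hashing the target binary is what catches the case an entry-name check misses: the Run value stays identical while the file it launches has been replaced.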
#5

You mean, the ability for the operator on the other side to have remote control over my computer? That's too bad; I'm breaking my PC's parts, be right back!
#6

Nah, I'm not paranoid about malware. I'd say I'm quite good at fixing virus-related problems as I've been doing this for 15 years, so in case I'd catch some infection I'm pretty confident that I could fix it myself. But it's rather about not even catching one. Most stuff can be prevented by not following stupid-looking links and not visiting suspicious websites. Reading some computer news also helps, as they often report about exploits, so you know what to evade.
Just by this, I never got malware/viruses since I've been online. Ironically, all the malware I had myself so far came in on infected CDs/floppies long before I even knew about the internet (FYI this was when barely anyone had a computer, let alone a modem).


By the way, Stuxnet recently reached the ISS; our viruses are going to OUTER SPACE!
#7

I'd be more worried about Stuxnet hitting Russia directly (as in their nuclear plants) - I can't find their response right now, but I'd get quite mad (and it got to the ISS through a Russian pendrive...)
#8

I don't understand how this can be transferred through speakers?
#9

http://smus.com/ultrasonic-networking/ - from what I've read it'd have to be some kind of Realtek chipset 0day to send the message; I have no clue about receiving stuff though.

There is no confirmation whether the whole badBIOS thing is a hoax or not (kind of like Bigfoot), but alternative communication methods are real fun - for example, using computer LEDs (maybe the hard drive activity indicator) to send information and webcams to fetch it is cool.
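To make the "speaker" channel from the two posts above concrete, here is an added example that is not from the thread, from the linked smus.com page, or from any badBIOS analysis: a minimal near-ultrasonic 2-FSK modem in pure Python. Bits become short tones at 18.5 kHz (0) and 19.5 kHz (1), above most adults' hearing but still inside a 44.1 kHz sound card's range, and the receiver decides each symbol by comparing the energy at the two tones with a Goertzel filter (a single DFT bin, so it is cheap enough to run on a stream). The frequencies, the 10 ms symbol length, the noise model and the assumption that the receiver is already symbol-aligned (no preamble or sync) are this example's own choices; it says nothing about any chipset 0day, and whether it works in a real room depends mostly on how hard the speaker and microphone roll off above ~18 kHz.

```python
"""Near-ultrasonic 2-FSK modem (added example, standard library only)."""
import math
import random
import struct
import wave

FS = 44100             # sample rate (Hz)
F0, F1 = 18500, 19500  # tone for bit 0 / bit 1; both land exactly on a 100 Hz bin
SYMBOL_SAMPLES = 441   # 10 ms per bit -> 100 bit/s, 100 Hz bin spacing
AMPLITUDE = 0.5


def bits_of(data):
    """MSB-first bit list of a byte string."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bytes_of(bits):
    """Inverse of bits_of; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def modulate(data):
    """Float samples in [-1, 1]. The phase runs continuously across symbols
    so switching tones does not produce an audible click."""
    samples, phase = [], 0.0
    for bit in bits_of(data):
        step = 2 * math.pi * (F1 if bit else F0) / FS
        for _ in range(SYMBOL_SAMPLES):
            samples.append(AMPLITUDE * math.sin(phase))
            phase = (phase + step) % (2 * math.pi)
    return samples


def goertzel_power(samples, freq):
    """Energy of `samples` at `freq`: one DFT bin, O(N), no FFT needed."""
    coeff = 2 * math.cos(2 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples):
    """Decide each symbol window by comparing energy at F1 against F0."""
    bits = []
    for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        win = samples[i:i + SYMBOL_SAMPLES]
        bits.append(1 if goertzel_power(win, F1) > goertzel_power(win, F0) else 0)
    return bytes_of(bits)


def add_noise(samples, sigma, seed=1):
    """Constructed channel: additive white Gaussian noise, seeded for repeatability."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def write_wav(samples, path):
    """16-bit mono PCM, so the signal can be played through a real speaker."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(FS)
        pcm = [int(max(-1.0, min(1.0, s)) * 32767) for s in samples]
        w.writeframes(struct.pack("<%dh" % len(pcm), *pcm))


def roundtrip(message, sigma=0.0):
    """Modulate, push through the noisy channel, demodulate."""
    return demodulate(add_noise(modulate(message), sigma))


if __name__ == "__main__":
    msg = b"badBIOS?"
    print(roundtrip(msg, sigma=0.5))  # noise of the same order as the tone still decodes
    write_wav(modulate(msg), "fsk_19k.wav")
```

The decision survives noise as loud as the tone itself because the Goertzel filter integrates 441 samples of a tone that sits exactly on its bin while white noise spreads over all bins. What this leaves out is exactly what makes the real thing hard: finding where symbols start (a preamble and correlation), the speaker's frequency response, and echoes from the room.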
#10

Good post, thanks for sharing.

I heard a few years ago about malware called FinFisher. It's governmental malware made by a German company called Gamma. Apparently, they paid AV vendors to keep the malware undetected. But this same company is offering other surveillance solutions for companies or even internet service providers. They are selling some scary shit (especially FinFly ISP); you can find some documents on Wikileaks: http://wikileaks.org/spyfiles/list/c...ame/gamma.html

But the computer isn't the only target. Smartphones are a much better source of information (SMS, calls, GPS location, pictures, etc.) and they can be easily infected. From root exploits to fake applications and malware injection from a USB charger, your phone is the perfect target. Some people have an anti-virus on their phone, but it is useless in most cases. You can't do much to protect your smartphone except be vigilant. But the most popular operating systems are made by companies known to have worked with governments. They probably have a backdoor built in.

Some governments have many more resources, allowing them to eavesdrop on the network flow of known services such as ****** or directly access the private information of big websites. You know who I'm referring to. Submarine cables are probably wiretapped, as they were during the Cold War (http://en.wikipedia.org/wiki/Operation_Ivy_Bells), and some stupid law (the Patriot Act) allows them to spy on everything belonging to or going through American companies even if it's outside the USA.

Governments have all the resources they need to spy on people; they can do it as they wish and you can't do anything against that. Why do they need such power? Do we need to be scared of a small hacker building his own software, or of a government paying people to spy on citizens? Are you still not paranoid? Congratulations then.