Could this be the end of traditional AV and Cloud AV?

Nico@FMA

Thread author
May 11, 2013
Nzradar, the malware operates below the firmware level of the BIOS, and one could say that it corrupts the data chips beyond the limitations set by the BIOS firmware.
But I honestly could not tell you how, what and where; everything right now is in the report.

Nico@FMA

Thread author
May 11, 2013
In light of this new malware, how would it do against a BB, HIPS, Sandboxie, and Comodo Firewall?
Sig based AV's have not impressed me much as far as long-term prognosis goes.
It would penetrate the system in the same way as it penetrates any system regardless of security, as the type of attack is immune to any security on the market. This is Star Wars compared to any internet security config. And that is the whole point of this report.
It's that serious.

NZRADAR

Aug 8, 2013
Nico@FMA said:

Nzradar, the malware operates below the firmware level of the BIOS, and one could say that it corrupts the data chips beyond the limitations set by the BIOS firmware.
But I honestly could not tell you how, what and where; everything right now is in the report.
Thanks for your reply n.nvt. Well, if this is attached to high-level military research and development then they might already be working on project 50 while what info surfaces on the net is just project 1. All this shows the magnitude of difference to the average current perception of protection, and those in research of infiltration mechanisms probably like to keep an abyss of distance in leaks of knowledge from public minds. How this "new" malware eventually filters down to affect the average Joe one can only imagine, or maybe it's happening right under our noses and we're blind as bats. Reminds me of the sort of things that DARPA would be interested in, who knows http://en.wikipedia.org/wiki/DARPA_XG
Most probably not, but they have a very big range of projects going on http://www.darpa.mil/Our_Work/DSO/Programs/Mathematics_of_Sensing,_Exploitation_and_Execution_(MSEE).aspx

Some of their projects and research http://www.darpa.mil/Our_Work/DSO/Programs/

Thanks for bringing in this topic

Gnosis

Apr 26, 2011
Nico@FMA said:

It would penetrate the system in the same way as it penetrates any system regardless of security, as the type of attack is immune to any security on the market. This is Star Wars compared to any internet security config. And that is the whole point of this report.
It's that serious.

Wow. This news has truly come as a surprise. Think of all the Pentagon/State Department/Department of Defense laptops that will be vulnerable. What if another Snowden walks around these places and utilizes this malicious tech?

Umbra said:

I'm intimately sure that those kinds of malware are military-created, so they are surely already shielded.


I think that adding a chip on the motherboard that will analyze the data streams behaviors by virtualizing them before letting them into the OS is not impossible or too expensive to do


n.nvt said:

I will not deny that I got a very strong feeling about the fact that this could be military created; however the research report strongly indicates that the tested streams were not from military origin, so I cannot say yes or no because I obviously do not know. In regards to the 20m range, any cell phone or satellite could activate a signal, even a modem can, so that makes the range of the signal virtually unlimited.

review:

As the “badBIOS” name implies, it’s a rootkit that burrows in to infect a system’s BIOS [Basic Input Output System]. Supposedly this nasty piece of malware is platform-independent -- capable of infecting Windows, Linux, OS X and Open BSD -- has self-healing capabilities, resists erasure, and uses ultrasonic high-frequency transmissions in order to talk to other infected systems that are completely disconnected from the Internet and all other networks — aka air gap systems.

http://blogs.computerworld.com/malw...ic-and-speakers-pcs-disconnected-all-networks

rebuttal:

But everything “about #badBIOS is completely and utterly wrong,” according to Phillip R. Jaenke, @RootWyrm, an expert in Unix, Storage and Virtualization who has spent two decades dealing with BIOS development and modification. “First and foremost, the very idea that there is some malicious BIOS load that can escape airgapping and is portable is beyond laughable.” He added, “Secondly, the concept that BIOS malware could somehow escape detection is beyond laughable.

Deleted member 178

For now, security researchers are analyzing badBIOS, debating the malware’s next-generation capabilities and deciding if it is a security myth of urban legend status or the malware motherload. But if everything is true, then some nation-state is probably cursing its luck for such a weaponized virus to fall into the hands of a security researcher and therefore the bright spotlight of scrutiny. If badBIOS can do all the things that Ruiu claims, then it was surely developed to be deployed for highly targeted attacks.


SKYNET IS ALIIIIIIIIIIIIIIVE !!!!!!!!!


we are doomed !!!!

Gnosis

Apr 26, 2011
Looks like another subsidiary of UmbraCorp. to me. Hmmm

I have a remedy for "bad bios". No speakers, dog whistles or compressed air needed.........

Objective tinnitus

In some cases, a clinician can perceive an actual sound (e.g., a bruit) emanating from the patient's ears. This is called objective tinnitus. Objective tinnitus can arise from muscle spasms that cause clicks or crackling around the middle ear.[18] Some people experience a sound that beats in time with the pulse (pulsatile tinnitus, or vascular tinnitus).[19] Pulsatile tinnitus is usually objective in nature, resulting from altered blood flow or increased blood turbulence near the ear (such as from atherosclerosis or venous hum,[20]) but it can also arise as a subjective phenomenon from an increased awareness of blood flow in the ear.[19] Rarely, pulsatile tinnitus may be a symptom of potentially life-threatening conditions such as carotid artery aneurysm[21] or carotid artery dissection.[22] Pulsatile tinnitus may also indicate vasculitis, or more specifically, giant cell arteritis. Pulsatile tinnitus may also be an indication of idiopathic intracranial hypertension.[23]

http://en.wikipedia.org/wiki/Tinnitus

Gnosis

Apr 26, 2011
just flash the BIOS

Worse comes to worst, then remove the CMOS battery and put it back. I think that flashes the BIOS. (Complementary Metal Oxide Semiconductor)
It looks like a big watch battery.

Gnosis

Apr 26, 2011
Two computers that are not connected to each other via established types of network interfaces (e.g. IEEE 802.3 Ethernet [2] or IEEE 802.11 WLAN [3]) or that are prohibited from communicating with each other over these established types of network interfaces are, nevertheless, able to communicate with each other by using their audio input and output devices (microphones and speakers).

http://www.theregister.co.uk/2013/12/05/airgap_chatting_malware/
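The Register story quoted above describes the Hanspach and Goetz result in a single sentence. The example below is added here and is not code from the thread, the article or the paper (and is not the paper's modem); it shows what such a channel amounts to in practice and why the "no speakers" remedy suggested earlier in the thread actually works. It is a binary FSK modem that puts one of two near-ultrasonic tones per bit through an ordinary 48 kHz sound path, a Goertzel-filter receiver that recovers the bytes through added noise, and a defender-side check that flags a carrier sitting on those tones. The carrier frequencies, the 100 bit/s rate, the 0x55 preamble and the noise level are assumptions chosen for illustration, not values taken from the paper.

```python
"""Acoustic FSK covert channel between two air-gapped hosts, plus a
defender-side band-activity check.  Standard library only; audio is modelled
as a list of float samples in [-1, 1] at SAMPLE_RATE, i.e. what a sound card
would play or record.  All parameters below are assumptions for illustration."""
import math
import random
from typing import List, Optional

SAMPLE_RATE = 48_000       # Hz, a common sound-card rate
SYMBOL_SAMPLES = 480       # 10 ms per bit -> 100 bit/s (assumed)
FREQ_0 = 18_500.0          # Hz, tone for a 0 bit; bin-aligned: 185 cycles per symbol
FREQ_1 = 19_500.0          # Hz, tone for a 1 bit; 195 cycles per symbol
PREAMBLE = 0x55            # 01010101: a receiver that fails to recover it is not locked


def _bits(data: bytes):
    """MSB-first bit stream of the bytes."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def modulate(payload: bytes) -> List[float]:
    """Binary FSK: one tone per bit, phase-continuous so tone changes do not click."""
    samples = []
    phase = 0.0
    for bit in _bits(bytes([PREAMBLE]) + payload):
        step = 2 * math.pi * (FREQ_1 if bit else FREQ_0) / SAMPLE_RATE
        for _ in range(SYMBOL_SAMPLES):
            samples.append(0.5 * math.sin(phase))
            phase += step
    return samples


def goertzel_power(block: List[float], freq: float) -> float:
    """Power at one DFT bin (Goertzel), divided by the block length so that a
    pure tone scores about half the block's energy (the other half is the
    negative-frequency image)."""
    n = len(block)
    w = 2 * math.pi * round(freq * n / SAMPLE_RATE) / n
    coeff = 2 * math.cos(w)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / n


def demodulate(samples: List[float], nbytes: int) -> Optional[bytes]:
    """Hard-decide each symbol by comparing the two tone powers.  Assumes the
    receiver is aligned to the first symbol (a real receiver needs symbol sync);
    returns None when the stream is short or the preamble does not come out,
    i.e. there is no lock on a sender."""
    bits = []
    for sym in range((nbytes + 1) * 8):
        block = samples[sym * SYMBOL_SAMPLES:(sym + 1) * SYMBOL_SAMPLES]
        if len(block) < SYMBOL_SAMPLES:
            return None
        bits.append(int(goertzel_power(block, FREQ_1) > goertzel_power(block, FREQ_0)))
    data = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    return data[1:] if data[0] == PREAMBLE else None


def add_noise(samples: List[float], amplitude: float, seed: int = 1) -> List[float]:
    """Constructed channel impairment: seeded uniform white noise."""
    rng = random.Random(seed)
    return [x + rng.uniform(-amplitude, amplitude) for x in samples]


def band_activity(samples: List[float]) -> float:
    """Defender-side check: average fraction of energy sitting on the two
    carrier tones per 10 ms window.  Noise or speech scores near 0; an FSK
    carrier scores near 0.5, so a threshold around 0.2 separates them."""
    ratios = []
    for i in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        block = samples[i:i + SYMBOL_SAMPLES]
        total = sum(x * x for x in block)
        if total > 0:
            tone = goertzel_power(block, FREQ_0) + goertzel_power(block, FREQ_1)
            ratios.append(tone / total)
    return sum(ratios) / len(ratios) if ratios else 0.0


if __name__ == "__main__":
    message = b"air-gap"                            # constructed payload
    over_the_air = add_noise(modulate(message), 0.3)
    print("received:", demodulate(over_the_air, len(message)))
    print("carrier activity: %.2f" % band_activity(over_the_air))
    print("silence activity: %.3f" % band_activity(add_noise([0.0] * 48_000, 0.3)))
```

The channel exists only where a speaker and a microphone are both present and enabled, which is why physically removing or disabling audio hardware (or filtering the 17 to 20 kHz band in the audio path) closes it. On the defender's side, band_activity stays at the noise floor on ordinary audio and rises toward 0.5 while a carrier is present, which is the kind of measurement that can be run continuously on a live capture from a sensitive machine's microphone.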

Nico@FMA

Thread author
May 11, 2013
What I would like to point out is that the BIOS battery is powering the BIOS, even if the PC is off.
Now obviously this is theoretical, what I am going to say, BUT it would not be unthinkable that this bit of energy is enough to allow micro commands to be executed within the BIOS itself, for example wake-on-LAN or similar options.
That being said, I want to thank everyone for the additional info as some of it is new for me, so nice work.
But let's focus on the post I made, as so far there is no connection towards DARPA projects and such.
Obviously it seems that badBIOS is using a similar technique to the one I posted. But so far I did take the time to read up on BADb and it seems that it uses "some" techniques, but those who did read the report I posted will quickly find out that something way more advanced is being described in the report.
Nonetheless BADb seems to be truly bad.

On a side note, cloud AV for BIOS is going to be a problem, because the BIOS is an integral part of the PC and of its start-up process and I do not see how within the current configurations this could be altered to have a reliable stand-off against BB type malware or any malware for that matter.
Also the internal transport size of the BIOS chip and its very architecture need a serious overhaul, otherwise it will never be capable of even servicing an AV solution.
However I could be wrong, just thinking out loud here.

Deleted member 178

Some motherboards have built-in virus protection so it will not be so difficult; anyway this badBIOS looks more like a sci-fi thing than a real threat.
