Researcher creates proof-of-concept malware that infects BIOS, network cards


Jack

Jan 24, 2011
NetworkWorld said:
Security researcher Jonathan Brossard created a proof-of-concept hardware backdoor called Rakshasa that replaces a computer's BIOS (Basic Input Output System) and can compromise the operating system at boot time without leaving traces on the hard drive.

Brossard, who is CEO and security research engineer at French security company Toucan System, demonstrated how the malware works at the Defcon hacker conference on Saturday, after also presenting it at the Black Hat security conference on Thursday.


Rakshasa, named after a demon from Hindu mythology, is not the first malware to target the BIOS -- the low-level motherboard firmware that initializes other hardware components. However, it differentiates itself from similar threats by using new tricks to achieve persistence and evade detection.

Rakshasa replaces the motherboard BIOS, but can also infect the PCI firmware of other peripheral devices like network cards or CD-ROMs, in order to achieve a high degree of redundancy.

Rakshasa was built with open source software. It replaces the vendor-supplied BIOS with a combination of Coreboot and SeaBIOS, alternatives that work on a variety of motherboards from different manufacturers, and also writes an open source network boot firmware called iPXE to the computer's network card.

All of these components have been modified so they don't display anything that could give their presence away during the booting process. Coreboot even supports custom splash screens that can mimic the ones of the replaced BIOSes.

Read more on NetworkWorld
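The article describes the implant as stock open-source components (Coreboot, SeaBIOS, iPXE) written into the motherboard flash and into the NIC's PCI option ROM, with the splash screen mimicking the vendor's. A visual check is therefore worthless; the honest check is offline: dump the flash and compare it with the vendor's image. The script below is an added example, not code from the article or from Brossard's Rakshasa. It assumes the dump was taken out of band with an external SPI programmer (a BIOS that has been replaced also controls the in-band read path, so a dump taken from the running OS can be lied to), and the sample images, vendor/device IDs and strings in it are constructed for the demonstration.

```python
"""Offline integrity check for a dumped firmware image (added example).

Assumes the image was read out of band. Sample images are constructed below;
the vendor/device IDs and strings are illustrative, not real products.
"""
import hashlib
import re

CBFS_MAGIC = b"LARCHIVE"      # coreboot CBFS file-header magic
OPTION_ROM_SIG = b"\x55\xaa"  # PCI expansion ROM header signature
PCIR_SIG = b"PCIR"            # PCI data structure signature
MARKERS = {                   # components the article says Rakshasa is built from
    "coreboot": re.compile(rb"coreboot", re.I),
    "SeaBIOS": re.compile(rb"SeaBIOS"),
    "iPXE": re.compile(rb"iPXE"),
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_option_roms(dump: bytes) -> list:
    """Locate PCI option ROM images (0x55AA header whose PCIR pointer is valid)."""
    roms, off = [], 0
    while True:
        off = dump.find(OPTION_ROM_SIG, off)
        if off < 0 or off + 0x1a > len(dump):
            return roms
        p = off + int.from_bytes(dump[off + 0x18:off + 0x1a], "little")
        if p > off and p + 0x18 <= len(dump) and dump[p:p + 4] == PCIR_SIG:
            roms.append({
                "offset": off,
                "vendor": int.from_bytes(dump[p + 4:p + 6], "little"),
                "device": int.from_bytes(dump[p + 6:p + 8], "little"),
                "length": int.from_bytes(dump[p + 0x10:p + 0x12], "little") * 512,
            })
            off += max(roms[-1]["length"], 2)
        else:
            off += 2  # a stray 55 AA inside data; keep scanning


def scan_markers(dump: bytes) -> dict:
    counts = {name: len(rx.findall(dump)) for name, rx in MARKERS.items()}
    counts["CBFS"] = dump.count(CBFS_MAGIC)
    return counts


def assess(dump: bytes, golden_sha256: str, vendor_ships_coreboot: bool = False) -> dict:
    """Compare the dump with the vendor image hash and look for implant components."""
    markers = scan_markers(dump)
    report = {"golden_match": sha256(dump) == golden_sha256, "markers": markers,
              "option_roms": find_option_roms(dump), "suspicious": []}
    if not report["golden_match"]:
        report["suspicious"].append("image hash differs from vendor golden image")
    if not vendor_ships_coreboot and (markers["CBFS"] or markers["coreboot"] or markers["SeaBIOS"]):
        report["suspicious"].append("coreboot/SeaBIOS structures inside a vendor BIOS image")
    if markers["iPXE"]:
        report["suspicious"].append("iPXE network-boot firmware present (check the NIC option ROM too)")
    return report


def build_option_rom(body: bytes, vendor: int, device: int) -> bytes:
    """Constructed PCI option ROM: 0x1a-byte header, PCIR at 0x1a, padded to 512-byte units."""
    total = 512 * ((0x32 + len(body) + 511) // 512)
    hdr = bytearray(0x1a)
    hdr[0:2] = OPTION_ROM_SIG
    hdr[2] = total // 512                              # image size in 512-byte units
    hdr[0x18:0x1a] = (0x1a).to_bytes(2, "little")      # pointer to PCIR
    pcir = (PCIR_SIG + vendor.to_bytes(2, "little") + device.to_bytes(2, "little")
            + b"\x00\x00" + (0x18).to_bytes(2, "little") + b"\x00" + b"\x00\x00\x02"  # class 02h: network
            + (total // 512).to_bytes(2, "little") + b"\x00\x00\x00\x80\x00\x00")
    img = bytes(hdr) + pcir + body
    return img + b"\xff" * (total - len(img))


# Constructed samples: a clean vendor image, and one rebuilt the way the article
# describes (coreboot + SeaBIOS in the BIOS, iPXE in the NIC option ROM).
VENDOR_IMAGE = (b"\xff" * 256 + b"Example Vendor BIOS 1.07\x00" + b"\xff" * 256
                + build_option_rom(b"Example NIC Boot Agent\x00", 0x8086, 0x100e) + b"\xff" * 128)
VENDOR_GOLDEN_SHA256 = sha256(VENDOR_IMAGE)
IMPLANTED_IMAGE = (b"\xff" * 128 + CBFS_MAGIC + b"\x00" * 24 + b"fallback/payload\x00"
                   + b"coreboot build\x00SeaBIOS\x00" + b"\xff" * 64
                   + build_option_rom(b"iPXE network boot\x00", 0x8086, 0x100e) + b"\xff" * 128)

if __name__ == "__main__":
    for name, img in (("vendor dump", VENDOR_IMAGE), ("suspect dump", IMPLANTED_IMAGE)):
        r = assess(img, VENDOR_GOLDEN_SHA256)
        print(name, "OK" if not r["suspicious"] else "SUSPICIOUS: " + "; ".join(r["suspicious"]))
```

The golden hash has to come from a vendor image you obtained independently, not from an earlier dump of the same machine. Note also what the option ROM walk is for: the article says Rakshasa writes iPXE to the network card for redundancy, so reflashing the motherboard BIOS alone, as suggested later in the thread, leaves that second copy in place unless the NIC is reflashed as well.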
 

Spirit

May 17, 2012
Rakshasa is a demon or devil in Hindu mythology which troubles innocent people.

So how can this infection be caught?
By some AV, antimalware or other way to track it?
 

Deleted member 178

Rakshasa: tiger-headed demon with the hand's palm on the top of the hand

About the BIOS malware, yesterday I explained briefly to Nikos that some malware affects it; now he will be more paranoid than ever :D
 

Spirit

May 17, 2012
Shadow Defender cannot protect against it either, Umbra.


 

Ink

Jan 8, 2011
This is a game changer; Will Nikos now run an Antivirus? :p

Umbra Corp. said:
About the BIOS malware, yesterday I explained briefly to Nikos that some malware affects it; now he will be more paranoid than ever :D
 

Deleted member 178

Stranger said:
Shadow Defender cannot protect against it either, Umbra.

Yes, I saw it. It is the .331 version, not developed by the original author, who mysteriously disappeared; the forum was abandoned and the code was bought by a Chinese party, then that version appeared from nowhere without any explanation to the moderators and without any changelog. Even the installer is smaller, yet the product got more features than the older ones, which seems strange, since generally when you upgrade a product by adding features the installer gets bigger, not smaller.

Many SD users at Wilders, and I, are still using the older versions (.325 and .326 beta) because we think .331 is not safe at all and may even be malware. It seems we are right :D

There is a 45-page discussion about the infamous .331 release on Wilders.
 

loveboy_lion

Feb 23, 2012
If anyone gets infected with such a virus, then I guess the only thing to do would be to burn your computer or throw it in the sea :-(
Hope they really find some way to avoid such malware?
 

Deleted member 178

loveboy_lion said:
If anyone gets infected with such a virus, then I guess the only thing to do would be to burn your computer or throw it in the sea :-(

Just flash the BIOS.
 

Deleted member 178

Maybe by checking the outbound connections from the firewall's or router's network monitor.
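A firmware implant that keeps iPXE on the NIC is a network-boot client, and stock iPXE identifies itself in its DHCP request (vendor class "PXEClient:Arch:...", user class "iPXE", the client-architecture option 93) before any operating system or host firewall is running. So the host's own firewall is the wrong vantage point; the DHCP server's log or a switch-side capture is where an unexpected network boot would show. The script below is an added example, not from the article or from anyone in this thread. It parses raw DHCP payloads and flags network-boot requests from hosts that are not on a PXE allow-list. It assumes the implant's iPXE keeps iPXE's default DHCP options; the packets and the MAC address are constructed here so it runs offline.

```python
"""Flag PXE/iPXE network-boot DHCP requests from hosts that should not boot from the network.

Added example. Assumes stock iPXE DHCP options (60 PXEClient, 77 iPXE, 93 arch).
The packets and MAC addresses below are constructed, not captured.
"""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_USER_CLASS, OPT_CLIENT_ARCH = 53, 60, 77, 93


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {code: value} from the option area of a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:            # PAD
            i += 1
            continue
        if code == 255:          # END
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def classify_boot_request(payload: bytes) -> dict:
    """Decide whether one DHCP request looks like a firmware network-boot client."""
    opts = parse_dhcp_options(payload)
    vendor = opts.get(OPT_VENDOR_CLASS, b"")
    flags = []
    if vendor.startswith(b"PXEClient"):
        flags.append("PXE vendor class")
    if OPT_CLIENT_ARCH in opts:
        flags.append("client architecture option")
    if b"iPXE" in opts.get(OPT_USER_CLASS, b""):
        flags.append("iPXE user class")
    return {
        "mac": payload[28:34].hex(":"),   # chaddr field, first 6 bytes for Ethernet
        "msg_type": opts.get(OPT_MSG_TYPE, b"\x00")[0],
        "vendor_class": vendor.decode("ascii", "replace"),
        "flags": flags,
        "network_boot": bool(flags),
    }


def audit(payloads, allowed_pxe_macs: set) -> list:
    """Alert on network-boot requests from MACs that are not on the PXE allow-list."""
    alerts = []
    for p in payloads:
        info = classify_boot_request(p)
        if info["network_boot"] and info["mac"] not in allowed_pxe_macs:
            alerts.append((info["mac"], info["flags"]))
    return alerts


def build_discover(mac: bytes, options: list) -> bytes:
    """Constructed DHCPDISCOVER: 236-byte BOOTP header, magic cookie, options, END."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                      b"\x00" * 4, b"\x00" * 4, b"\x00" * 4, b"\x00" * 4,
                      mac + b"\x00" * 10, b"\x00" * 64, b"\x00" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + DHCP_MAGIC + body + b"\xff"


# Same workstation MAC (made up) sending a normal OS DHCP request and an iPXE one.
WORKSTATION_MAC = b"\x00\x11\x22\x33\x44\x55"
OS_DISCOVER = build_discover(WORKSTATION_MAC, [(53, b"\x01"), (60, b"MSFT 5.0")])
IPXE_DISCOVER = build_discover(WORKSTATION_MAC, [
    (53, b"\x01"), (93, b"\x00\x00"),
    (60, b"PXEClient:Arch:00000:UNDI:002001"), (77, b"iPXE")])

if __name__ == "__main__":
    for mac, flags in audit([OS_DISCOVER, IPXE_DISCOVER], allowed_pxe_macs=set()):
        print(f"ALERT {mac}: unexpected network boot ({', '.join(flags)})")
```

The allow-list is the set of machines that legitimately PXE-boot (deployment targets, thin clients); a workstation that normally boots Windows and suddenly announces itself as an iPXE client at power-on is the signal. This only catches the implant if it actually uses its network-boot component; an implant that stays silent on the wire needs the offline flash comparison instead.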
 

Ink

Jan 8, 2011
If your PC supports UEFI, then use Windows 8 to eliminate the old BIOS.
 

Plexx

Earth said:
This is a game changer; Will Nikos now run an Antivirus? :p

Nikos will probably switch to Linux at this stage... Earth, prepare your Linux Encyclopedia!

Umbra Corp. said:
just flash the BIOS.

That is one way, but at the same time, when flashing the BIOS, pray you don't have a power cut, just like happened to me today. Luckily I wasn't doing anything :/


Umbra, is the beta version (of SD) stable enough? I thought there was another version in between the beta and .331. Maybe I got confused.
 

Deleted member 178

Biozfear said:
Umbra Corp. said:
Just flash the BIOS.

That is one way, but at the same time, when flashing the BIOS, pray you don't have a power cut, just like happened to me today. Luckily I wasn't doing anything :/

Just plug your PC into a car battery :p

Umbra, is the beta version (of SD) stable enough? I thought there was another version in between the beta and .331. Maybe I got confused.

I am using the .326 beta; I don't know why .325 stable is BSODing on my system.
 

malbky

Jun 23, 2011
Best security measure: flash the BIOS once a month. A better measure: create an AV chip, similar to the BIOS, which scans the BIOS before loading. Won't the malware be caught by a HIPS if it tries to flash itself to the BIOS?
 