
Kaspersky fighting the good fight! (aka "lol hax")


2 replies to this topic

#1 SquallStrife

SquallStrife

    Really knows where his towel is

  • Atomican
  • 17,939 posts

Posted 18 February 2015 - 07:26 AM

http://arstechnica.c...-found-at-last/

Wherein Kaspersky busts the lid on some serious low-level attacks. Infecting PCs with malware that can survive re-imaging.

The malicious firmware created a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system. The firmware also provided programming interfaces that other code in Equation Group's sprawling malware library could access. Once a hard drive was compromised, the infection was impossible to detect or remove.


[retro swim] | @retroswimau | +RetroSwim
Waiting for half past four!

#2 Master_Scythe

Master_Scythe

    Titan

  • Hero
  • 20,211 posts
  • Location:QLD

Posted 18 February 2015 - 08:24 AM

Wow, love it! I can't help but admire people that skilled, evil or not.


Curiously; 

Second, a highly advanced keylogger in the Equation Group library refers to itself as "Grok" in its source code.


How are they seeing the source code if all they've got is the executable? I've always been told it's impossible to reverse engineer an executable to source.


Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#3 SquallStrife

SquallStrife

    Really knows where his towel is

  • Atomican
  • 17,939 posts

Posted 18 February 2015 - 09:34 AM

They'd just be looking at the executable in a hex viewer, or potentially assembly language code (easily obtainable by disassembly). Strings are often stored directly in the executable for convenience.

Try it, drop cmd.exe into Notepad, and you'll see "This program cannot be run in DOS mode."

It's highly unlikely that they recovered the original C/C++ source code.

Edited by SquallStrife, 18 February 2015 - 09:38 AM.

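To see what the post above describes, here is an added example (not from the thread): a minimal Python string extractor in the style of the `strings` utility, run over a constructed byte buffer that mimics the start of a Windows executable. The buffer is made up for the demonstration, not a real binary.

```python
import re
from typing import List, Tuple

# Constructed sample, NOT a real executable: an "MZ" header, the standard DOS stub
# code bytes, the stub's message text, a fake "PE" marker, and a UTF-16LE string of
# the kind Windows programs often embed. Any resemblance to a real file is only
# in layout.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"\x0e\x1f\xba\x0e\x00\xb4\t\xcd!\xb8\x01L\xcd!"   # DOS stub code (ends in int 21h)
    b"This program cannot be run in DOS mode.\r\n$\x00\x00\x00"
    b"PE\x00\x00d\x86\x02\x00"
    + "Grok keylogger build".encode("utf-16-le")       # wide string, as in many Windows binaries
    + b"\x00\x00\x11\x22\x33"
)


def extract_ascii_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of printable ASCII at least min_len bytes long.

    The offset is what you would scroll to in a hex viewer.
    """
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def extract_utf16le_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Return (offset, text) for runs of printable ASCII stored as UTF-16LE.

    Each character is followed by a NUL byte, so a plain ASCII scan misses these;
    Windows binaries keep much of their text in this form.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pattern.finditer(data)]


if __name__ == "__main__":
    # On real PE files the stub message shows up as "!This program ..." because the
    # byte before the text (0x21, the operand of the preceding int 21h) is also
    # printable ASCII; the same thing happens here.
    for off, s in extract_ascii_strings(SAMPLE) + extract_utf16le_strings(SAMPLE):
        print(f"0x{off:04x}: {s}")
```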
