SquallStrife

Kaspersky fighting the good fight! (aka "lol hax")


http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/


Wherein Kaspersky busts the lid on some serious low-level attacks. Infecting PCs with malware that can survive re-imaging.


The malicious firmware created a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system. The firmware also provided programming interfaces that other code in Equation Group's sprawling malware library could access. Once a hard drive was compromised, the infection was impossible to detect or remove.


Wow, love it! I can't help but admire people that skilled, evil or not.


Curiously:

Second, a highly advanced keylogger in the Equation Group library refers to itself as "Grok" in its source code.


How are they seeing the source code if all they've got is the executable? I've always been told it's impossible to reverse engineer an executable to source.


They'd just be looking at the executable in a hex viewer, or potentially assembly language code (easily obtainable by disassembly). Strings are often stored directly in the executable for convenience.


Try it: drop cmd.exe into Notepad, and you'll see "This program cannot be run in DOS mode."


It's highly unlikely that they recovered the original C/C++ source code.

Edited by SquallStrife

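To make the "look at the bytes" point concrete, here is an added example for this thread (not code from the Ars article, from Kaspersky, or from anyone posting above): a small Python script that does what the Unix `strings` tool does, pulling printable ASCII and UTF-16LE runs out of a binary, plus a hexdump so you can see the same text the way Notepad or a hex viewer would show it. The input is a hand-built fake binary constructed inline, with the classic MZ header, DOS stub and "PE\0\0" signature and two planted strings; it is not a real executable and the "Grok" text is a made-up placeholder, not anything from the actual malware.

```python
"""Mini 'strings' for PE files: pull ASCII and UTF-16LE text out of a binary.

Added illustration for this thread, not code from the Ars article or from
Kaspersky. The sample blob below is constructed by hand and is NOT a real
executable; it only mimics the pieces a real Windows binary has (MZ header,
DOS stub, PE signature) plus a few planted strings.
"""
import re
import struct

# Printable ASCII bytes; the same range is reused for UTF-16LE code units,
# which is how most Windows binaries store their text.
PRINTABLE = rb"[\x20-\x7e]"


def build_sample() -> bytes:
    """Constructed fake binary with a real-looking DOS stub and two planted strings."""
    dos_header = bytearray(64)                      # IMAGE_DOS_HEADER is 64 bytes
    dos_header[0:2] = b"MZ"                         # e_magic
    struct.pack_into("<I", dos_header, 60, 0x80)    # e_lfanew: offset of "PE\0\0"
    # The classic linker DOS stub: a few 16-bit instructions, then the message.
    # The last instruction byte before the text is 0x21 ("!"), which is why
    # `strings` on real Windows binaries reports "!This program cannot...".
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\n$")
    blob = bytes(dos_header) + stub
    blob += b"\x00" * (0x80 - len(blob))            # pad up to e_lfanew
    blob += b"PE\x00\x00" + b"\x4c\x01" + b"\x00" * 18       # signature + truncated headers
    blob += b"ab\x01\x02Grok keylogger build\x00\x00\x00"    # planted ASCII string (made up)
    blob += "C:\\Users\\victim\\log.txt".encode("utf-16-le") + b"\x00\x00"  # planted wide string
    blob += b"\x7f\xff\x00xy\x00"                   # noise too short to count as a string
    return blob


SAMPLE_BINARY = build_sample()


def pe_header_offset(data: bytes) -> int:
    """Follow e_lfanew from the MZ header to the PE signature, checking both magics."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    off = struct.unpack_from("<I", data, 60)[0]
    if data[off:off + 4] != b"PE\x00\x00":
        raise ValueError("e_lfanew does not point at a PE signature")
    return off


def extract_strings(data: bytes, min_len: int = 4) -> list[tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least min_len chars."""
    ascii_re = re.compile(PRINTABLE + rb"{%d,}" % min_len)
    wide_re = re.compile(rb"(?:" + PRINTABLE + rb"\x00){%d,}" % min_len)
    hits = [(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in wide_re.finditer(data)]
    return sorted(hits)


def hexdump(data: bytes, start: int = 0, length: int = 64) -> str:
    """What a hex viewer shows for a slice: offset, hex bytes, printable column."""
    lines = []
    for off in range(start, min(start + length, len(data)), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<47}  {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(f"PE signature at 0x{pe_header_offset(SAMPLE_BINARY):x}")
    for off, enc, text in extract_strings(SAMPLE_BINARY):
        print(f"0x{off:06x} {enc:8} {text!r}")
    print(hexdump(SAMPLE_BINARY, 0x40, 0x40))
```

Run it against a real PE (read the file with `open(path, "rb").read()` instead of `SAMPLE_BINARY`) and the same three things show up: the DOS stub message near offset 0x40, ASCII strings, and the UTF-16LE strings that plain ASCII tools like Notepad silently skip because of the interleaved null bytes. None of this recovers source code; it just reads text the compiler left in the file as-is.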
