Using Secure Boot + Bit Locker + a TPM will defeat this sort of malware crap.
Windows' Nemesis: Pre-boot malware pwns payment processors
Cybercrooks targeting payment card data have developed a sophisticated malware that executes before the operating system boots. Security researchers at FireEye / Mandiant came across the rarely seen so-called bootkit technique during a recent investigation at an organisation in the financial transaction processing industry. …
Monday 7th December 2015 14:03 GMT Anonymous Coward
Monday 7th December 2015 14:58 GMT Havin_it
Re: Secure Boot
Are there known flaws in Secure Boot, AC? I hadn't heard this, could you elaborate please? (Really; I'm interested)
I mean there's the ability to turn it off for one (so far...) but that's not a vuln per se. And as the implementation is in the UEFI layer no doubt there may be vendor-specific implementation quirks, but you make it sound more as though the standard (or howsoever one might term the implementation requirements for Windows certification, whatever they are exactly ... not my area) itself is flawed. If so, how so?
Monday 7th December 2015 15:06 GMT Anonymous Coward
Monday 7th December 2015 15:40 GMT dogged
Re: Secure Boot
Obviously the solution is to switch everything to linux* immediately because everything runs on linux and if it doesn't then everything runs perfectly on WINE and linux doesn't get viruses or trojans and linux is (somehow) immune to pre-boot malware.
Everybody knows that. This is clearly a Winblows problem, and I expected it's related to Microslurp stealing all your data. The headline makes that much clear.
*Mint, of course. You have to recommend Mint because it's a Reg Forum Bylaw.
Monday 7th December 2015 16:29 GMT Anonymous Coward
Monday 7th December 2015 17:02 GMT dogged
Re: Secure Boot
> Couldn't you make it to the end of the first sentence in the article?
I did but the article was tripe. A bootkit doesn't care what OS you're running (SecureBoot and TPM aside). The specific malware in this instance may be a Win32 variant but it could just as easily be anything else - it's use of the vector that's important. In fact, the prevalence of SecureBoot and TPM is likely to make this vector more an issue for systems which do not make use of those.
Please note that most popular linux distros can be SecureBoot enabled very easily.
It would benefit most users if commentards ceased to scream about how "unfair" SecureBoot is and instead pointed people toward this helpful article.
(Many) Other articles are available.
Monday 7th December 2015 20:25 GMT David Roberts
Wednesday 13th April 2016 10:38 GMT Roo
Re: Secure Boot
It is rather peculiar that you attracted a ton of downvotes by pointing people at a useful article showing the long chains of trust inherent in the x86 boot-time security model and references to SMM exploits that undermine it. It would be interesting to know *why* the downvoters chose to make the mark, even if it is something as simple as wanting to bury bad news.
Have an up-vote from me anyway.
Tuesday 8th December 2015 10:51 GMT Panopticon
Re: Secure Boot
Re: Flaw's in secure Boot (Really, I'm Interested)
It's secure - we've heard that before, Sony say's the same thing about it's EEPROM boot-loader on the PS4 and then a load of Brazilian gamers figure out that with a Raspberry Pi you can rewrite the EEPROM to have any damn boot-loader (JAISPI). Any implementation of Windows itself is flawed because Windows embraces broken Web standards like HTML 5 and bundles it into it's PRISM based internet exploding browser whilst other people desperately work there hand at trying to patch there huge fuck-up's and try to remove there shit. They screwed the implementation of Kerberos then they screwed implementation of Bit-locker in Windows 10 and it's worthy of note that no version of Windows actually ships with OpenSSL that's something you the end users are expected to add-on, this is the off-spring of Caldera still eating it's own children and destroying the web in the name of better advertising and marketing along with it's chums at Google who quote Steve Jobs as being a great visionary when Steve Jobs was last quoted as having said and I quote "Android and G-Docs is Shit!" Exploits against Kerberos, against SSL & SSH, against etc, etc, etc where have we heard all that before.. Oh that whistle-blowing guy who told everybody to go use Debian, then when everybody start's using Linux, suddenly Linux falls on the scum-bag trading list as malware that supports terrorism and suddenly System-D and other such horse-shit that allows crime ware and Trojans in Linux suddenly spreads it's affluence with effluence and projects that try to mitigate the crap with sane Libs like uLibC and Musl with grSecurity instead of SELinux and MAC get hosed.
These guys at the NSA & GCHQ with there friends at Google coming out with horse-shit like "Ubuntu LTS" is the most "secure" distribution ever, are really starting to piss everybody including the Securities Exchange Commission off quite badly. Definition of "Secure" distribution, one that doesn't have your enlarged spying testicles in it or maybe one that hasn't had you deliberately hose the crypto_API with NSA_Key.dll and bundle Javashit into the desktop. I can think of numerous alternatives such as Flex, Pascal and Russian copies of a Windows Clone. (ReactOS FTW) just bundle it with Kerberos version 3.2.2 and CoreForce firewall and viola, you've got Unisys Stealth Core (TM) technology. With a firm two fingers to most major browser vendors including Google!
Tuesday 8th December 2015 11:58 GMT TheVogon
Re: Secure Boot
"Any implementation of Windows itself is flawed because Windows embraces broken Web standards like HTML 5 and bundles it into it's PRISM based internet exploding browser whilst other people desperately work there hand at trying to patch there huge fuck-up's and try to remove there shit. "
English, do you speak it? http://www.howtospell.co.uk/homophonesquiz.php
"it's worthy of note that no version of Windows actually ships with OpenSSL "
Thank you god.
"They screwed the implementation of Kerberos"
Nope. Kerberos works just fine on Windows and is fully standards compliant. It has features like say constrained delegation that Linux desperately needs out of the box..
"then they screwed implementation of Bit-locker in Windows 10"
There is a bug disabling it in certain circumstances when you also have hardware disk encryption.. The implementation of it is otherwise just fine.
Tuesday 8th December 2015 12:09 GMT dogged
Monday 7th December 2015 15:42 GMT dogged
Monday 7th December 2015 14:34 GMT heyrick
Given the number of random things we're expected to put our cards into
The banks really ought to devise some sort of method to verify not only that the device is secure (how? that's their problem to figure out) and to assure clients that the device is a real payment device - perhaps by displaying a code word known only to the cardholder and the bank?
Monday 7th December 2015 14:52 GMT Arctic fox
Monday 7th December 2015 19:12 GMT Joe User
I've seen its like before
One of my co-workers was afflicted with similar malware a few years ago. It checked the hard drive, found a few megs of unallocated space, and created a partition of an unknown type to hold the code. The malware set its partition to "bootable" and loaded before Windows. To remove it, I had to:
- Boot from a GParted Live disc
- Delete the rogue partition
- Expand the Windows partition to occupy that space (you won't pull that trick twice)
- Boot from a Windows installation disc
- Run Windows repair and fix the boot configuration
- Boot into Windows
- Run several anti-malware programs to "delouse" the PC
Never a dull moment around here....
Monday 7th December 2015 21:18 GMT A Non e-mouse
Tuesday 8th December 2015 01:26 GMT channel extended
Tuesday 8th December 2015 11:13 GMT phuzz
Re: I've seen its like before
$time = Time to disinfect (hrs)
$rate = Hourly rate of techie (£/hr)
$cost = Cost of new device (£)
So it's worth chucking the device and getting a new one when:
$cost < $time * $rate
Given that the procedure that Joe User followed probably took about five hours, it's not worth buying a new device unless it's very cheap, or your techie is very expensive. Personally I charge friends "one meal" for this sort of thing, they shouldn't need to buy a new device unless they can find one for less than the cost of a meal.
What do you mean it was a rhetorical question?
Tuesday 8th December 2015 09:26 GMT Tanner
This seems to be the work of the NSA, not Russian hackers since the expertise required to write the malware code goes beyond what it's accessible to hackers. Also, the infamous "Equation Group" credited with sophisticated hacking and malware creation was identified and documented as part of the NSA's covert army. Also, let's not forget that Stuxnet and its variants were also identified as an American-Israeli creation due to the resources required to write such piece of malware. So stop bashing the Russians!!!! "Could be Russians"????? Come on....Inuendos and guessing is what it's being projected and pushed here. Always blame the Ruskies....
Tuesday 8th December 2015 13:34 GMT Panopticon
Of course, you see the One dollar bill, look at the Eyeball and now draw another triangle onto it in reverse and there's your American-Isreali connection spelled out in black and white with the words MASON. Of which the last 13 presidents all where members. It's a delight to listen to them prattle on about innovation and technological achievement. After all what has america achieved with there technology over the last 50 years?? Ah yes, a technocracy where most of there technology is a huge monumental fuck-up.
None of it actually work's, instead there busy doing what they've always done, what with being american-jewish and sacrificing there children to "Moloch" worshipping a flying GNU Bull which is something Mohammed slammed them all over in the middle ages.
Look at the wonder's of Unix BSD & Linux.. Neither of them work!
Never have done and probably never will. Very innovative, you have to admit the rest of the world must be marvelling at there technological advancement and achievement and in other news special agent Chan of the peoples republic of China has her hip's firmly wrapped around her husband Mr Zuckerburgs waist. Lets all just "Marvel" at the love-int going on. Facebook has no secrets from her, especially when she writes home in Mandarin cipher to her Relatives in the communist party!
Tuesday 8th December 2015 17:22 GMT dogged
Tuesday 8th December 2015 20:47 GMT Anonymous Coward
Take a look fool..
http://web.mit.edu/dryfoo/Masonry/Essays/friday13.html <-- MIT
http://freemasonrywatch.org/pics/skullandbones.crossedlegs.jpg <-- George Bush
The number nine was consecrated to the Spheres and the Muses. It is the sign of every circumference; because a circle or 360 degrees is equal to nine, that is to say, 3+6+0=9. Nevertheless, the ancients regarded this number with a sort of terror; they considered it a bad presage; as the symbol of versatility, of change, and the emblem of the frailty of human affairs. Wherefore they avoided all numbers where nine appears, and chiefly 81, the produce of nine multiplied by itself, and the addition whereof, 8+1, again presents the number nine. As the figure of the number six was the symbol of the terrestrial globe, animated by a Divine Spirit, the figure of the number nine symbolized the earth, under the influence of the Evil Principle; and thence the terror it inspired. ("Do No Evil")
http://plan9.bell-labs.com/plan9/index.html <--- AT&T Most secure Unix version IX (9) otherwise called NSA Net!
Tuesday 8th December 2015 18:33 GMT Anonymous Coward
Like Mr. Vogon suggested, please learn to write legibly before trying to join in the grownups' conversation.
"American-Isreali" I'll put that down to finger-trouble
"presidents all where members" where?
"achieved with there technology" their
"most of there technology" their
"None of it actually work's" works
"instead there busy" they're
"sacrificing there children" their
"Look at the wonder's" wonders
"Never have done and probably never will." Not a sentence and a clueless start to a paragraph.
"marvelling at there technological advancement" their
"peoples republic of China" People's Republic
"has her hip's" hips
"Mr Zuckerburgs waist" 's
"Lets all" Let's
"Relatives " relatives
"communist party" C P
Ok, I call Poe. That's before even laughing at the ideas.
Tuesday 8th December 2015 18:43 GMT TheVogon
"not sure if trolling or actually mental"
American imo. Probably watches Fox News all day for the source of the material above...
"Like Mr. Vogon suggested, please learn to write legibly before trying to join in the grownups' conversation."
I couldn't be bothered to give more than a hint! But +1 for effort.
I would be slightly sympathetic if it was clear that English was not the first language, but unfortunately I think the problem is more educational in nature...
Tuesday 8th December 2015 21:53 GMT Panopticon
Isis, is very much there baby, it's indicative of the 9 https://en.wikipedia.org/wiki/Ennead of ancient Egypt.
Eric Holder - Mason
James Clapper - Mason
Barrak Obama - Mason
George W. Bush - Mason
Clinton - Mason
Eric J. Schmidt - Mason
So you can bet, the next president of the United States is going to be a Mason.
Ha and people thought Muslims where fanatical...