To kill BlackLotus malware, patching is a good start, but...

BlackLotus, the malware capable of bypassing Secure Boot protections and compromising Windows computers, has caught the ire of the NSA, which today published a guide to help organizations detect and prevent infections of the UEFI bootkit. Kaspersky's lead security researcher Sergey Lozhkin clocked BlackLotus being sold on …

  1. t245t

    Secure Boot is supposed to prevent devices from running unauthorized software.

    "Secure Boot is supposed to prevent devices from running unauthorized software."

    I've often wondered why dual-boot was so unnecessarily complex on modern PCs.

    "Linux distributions do still need the Microsoft UEFI Third Party Marketplace CA 2011 certificate to utilize Secure Boot"

    Now we know.

    1. Zippy´s Sausage Factory

      Re: Secure Boot is supposed to prevent devices from running unauthorized software.

      It's always felt to me like UEFI was never intended to make things more secure for end users, but to help to secure Micros~1's dominance of the operating systems market.

  2. Roland6 Silver badge

    Patches for Windows Server?

    "Also, it's important to note that while Windows 10 and 11 have applicable security updates and ongoing mitigation deployments for BlackLotus, these aren't available for older versions."

  3. Grunchy Silver badge

    I’m feeling friggin invincible these days, what with my cast-off industrial server hardware from HP.

    (DL380P Gen8 for $20 a pop - plus 256 GB ram, 1x SSD for Proxmox with 7x 5TB enterprise drives for ZFS, topped with a Tesla P4 for machine learning duties).

    Plus a separate Netgear NAS for ISOs and snapshots and backups.

    The icing on the cake… HP had sabotaged this entire line of cast-offs by infecting them with a freeware “fan bomb” that defaults to 100% pulse width modulation if its spyware detects you running any sort of late model storage solution. It’s like a friggin jet engine hair dryer, blowing the loose papers all ‘round the joint + sucking about 300W at idle…

    THANKFULLY the hacker community delivers, yet again, by stumbling upon some disabled fan control commands in the 2.77 iteration from a couple years back. Their resultant masterwork, entitled “Silence of The Fans,” graces GitHub for the benefit of all:

    My cheap ass hypervisor lives! And is livable! And if I get hacked I’ve got stacks of iterative snapshots to fall back upon!

    (I’m not joking, the $cheap E5-2697V2s bench at 77% my venerable Ryzen 1800x - and that’s single core vs!)
