
On Thu, 24 Dec 2015 01:26:53 AM Douglas Ray via luv-main wrote:
> We have a PC with firmware malware on - at least - both DVDs.
Do you have a reference for DVD firmware malware?
> I don't know if it's worth recovering the system, but I definitely want to find diagnostics for identifying infections and vectors on the rest of the LAN.
>
> Booting a DVD live-image of Ubuntu, invocations of Firefox are intercepted and come up as "JON recovery system" or some such. The attack vector may have been the old XP system on the hard drive, but equally it may have been one of the Ubuntu images.
A Google search on "JON recovery system" gives results about corrupted routers from D-Link. Apparently if your firmware is corrupted in such a router it will give you a "JON recovery system" web page to allow you to fix things.

Why would someone go to the immense effort of creating malware that can either intercept filesystem access to give a different version of the application files or modify the OS kernel to change the application in memory and then do something obvious like give a bogus web site?

Are you sure your D-Link router isn't broken?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/