firmware malware: DVD; ?motherboard?
Trent W. Buck
trentbuck at gmail.com
Thu Dec 24 11:52:15 AEDT 2015
Douglas Ray via luv-main
<luv-main at luv.asn.au> writes:
> We have a PC with firmware malware on - at least - both DVDs.
Er, are you saying the microcontroller on the DVD drive's circuit board
is infected? (As opposed to the infected component being on the
motherboard, or on a DVD *disc*, or...)
How did you determine this?
> Booting a DVD live-image of ubuntu, invocations of
> firefox are intercepted and come up as "JON recovery system"
> or some such. The attack vector may have been the old XP
> system on the harddrive, but equally it may have been one
> of the ubuntu images.
As another poster suggested,
"jon recovery system" appears to originate from the httpd in D-Link
firmware for router appliances.
If you remove all NICs from the "infected PC",
do the symptoms go away?
More information about the luv-main