firmware malware: DVD; ?motherboard?

Trent W. Buck trentbuck at gmail.com
Thu Dec 24 11:52:15 AEDT 2015


Douglas Ray via luv-main
<luv-main at luv.asn.au> writes:

> We have a PC with firmware malware on - at least - both DVDs.

Er, are you saying the microcontroller on the DVD drive's circuit board
is infected?  (As opposed to the infected component being on the
motherboard, or on a DVD *disc*, or...)

How did you determine this?

> Booting a DVD live-image of ubuntu, invocations of
> firefox are intercepted and come up as "JON recovery system"
> or some such. The attack vector may have been the old XP
> system on the harddrive, but equally it may have been one
> of the ubuntu images.

As another poster suggested,
"jon recovery system" appears to originate from the httpd in D-Link
firmware for router appliances.

If you remove all NICs from the "infected PC",
do the symptoms go away?



More information about the luv-main mailing list