firmware malware: DVD; ?motherboard?

Russell Coker russell at coker.com.au
Thu Dec 24 12:08:43 AEDT 2015


On Thu, 24 Dec 2015 01:26:53 AM Douglas Ray via luv-main wrote:
> We have a PC with firmware malware on - at least - both DVDs.

Do you have a reference for DVD firmware malware?

> I don't know if it's worth recovering the system, but I definitely
> want to find diagnostics for identifying infections and vectors
> on the rest of the LAN.
> 
> Booting a DVD live-image of Ubuntu, invocations of
> Firefox are intercepted and come up as "JON recovery system"
> or some such. The attack vector may have been the old XP
> system on the hard drive, but equally it may have been one
> of the Ubuntu images.

A Google search on "JON recovery system" gives results about corrupted routers
from D-Link.  Apparently if your firmware is corrupted in such a router it will
give you a "JON recovery system" web page to allow you to fix things.

Why would someone go to the immense effort of creating malware that can either 
intercept filesystem access to give a different version of the application files 
or modify the OS kernel to change the application in memory and then do 
something obvious like give a bogus web site?

Are you sure your D-Link router isn't broken?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

