firmware malware: DVD; ?motherboard?
russell at coker.com.au
Thu Dec 24 12:08:43 AEDT 2015
On Thu, 24 Dec 2015 01:26:53 AM Douglas Ray via luv-main wrote:
> We have a PC with firmware malware on - at least - both DVDs.
Do you have a reference for DVD firmware malware?
> I don't know if it's worth recovering the system, but I definitely
> want to find diagnostics for identifying infections and vectors
> on the rest of the LAN.
> Booting a DVD live-image of ubuntu, invocations of
> firefox are intercepted and come up as "JON recovery system"
> or some such. The attack vector may have been the old XP
> system on the hard drive, but equally it may have been one
> of the ubuntu images.
A Google search on "JON recovery system" gives results about corrupted routers
from D-Link. Apparently if your firmware is corrupted in such a router it will
give you a "JON recovery system" web page to allow you to fix things.
Why would someone go to the immense effort of creating malware that can either
intercept filesystem access to give a different version of the application files
or modify the OS kernel to change the application in memory and then do
something obvious like give a bogus web site?
Are you sure your D-Link router isn't broken?
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/