firmware malware: DVD; ?motherboard?

Tony White tony at ycs.com.au
Thu Dec 24 13:02:54 AEDT 2015


Hi all,
   This may be a little off topic but it might be illuminating
if you have not seen it before.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

best wishes
   Tony White


On 24/12/2015 12:08, Russell Coker via luv-main wrote:
> On Thu, 24 Dec 2015 01:26:53 AM Douglas Ray via luv-main wrote:
>> We have a PC with firmware malware on - at least - both DVDs.
> Do you have a reference for DVD firmware malware?
>
>> I don't know if it's worth recovering the system, but I definitely
>> want to find diagnostics for identifying infections and vectors
>> on the rest of the LAN.
>>
>> Booting a DVD live-image of Ubuntu, invocations of
>> Firefox are intercepted and come up as "JON recovery system"
>> or some such. The attack vector may have been the old XP
>> system on the hard drive, but equally it may have been one
>> of the Ubuntu images.
> A Google search on "JON recovery system" gives results about corrupted routers
> from D-Link.  Apparently if your firmware is corrupted in such a router it will
> give you a "JON recovery system" web page to allow you to fix things.
>
> Why would someone go to the immense effort of creating malware that can either
> intercept filesystem access to give a different version of the application files
> or modify the OS kernel to change the application in memory and then do
> something obvious like give a bogus web site?
>
> Are you sure your D-Link router isn't broken?
>


