#badBIOS (and lotsa paranoia, plus fireworks)

Update on the malware formerly known as “BIOS SDR,” now known as #badBIOS:

Dragos’s post to his Facebook page basically reads like the video message voice-over at the beginning of a post-apocalyptic horror film. “We’re down to the last few survivors…”

In fact, the virus in question IS remarkably alien-zombie-parasite-like. It seems to reprogram any memory stick you insert into the computer so that it infects every subsequent system you plug it in to!

Strangely, the only people who’ve developed software to reset flash controllers are the Russians; maybe they’re used to this. I suppose the Eastern European hackers are famous for really low-level nitty-gritty understanding, presumably thanks to a deadly Soviet-era mix of education plus having to make everything work given only a hammer and vodka. https://www.facebook.com/dragosr/posts/10151655183445588

– It also spreads via TTF font files (systems automatically preview them) https://twitter.com/dragosr/status/392348130101829632 https://twitter.com/dragosr/status/392348850184155137

– Plugging a memory stick from infected box to uninfected box is sufficient to create an infection… on xBSD (!!!) https://twitter.com/dragosr/status/393021493149302785

– The infection occurs without mounting the drive — just plugging is enough — suggesting a buffer overflow in the BIOS ID handling https://twitter.com/dragosr/status/393022639549063168

– The malware blocks Russian flash controller reflashing software sites https://twitter.com/dragosr/status/393023050750234624

– Non-Windows systems produce odd sizes and partition errors the *second* time you plug them into an infected system

– One malware “tell” is a refusal to boot from CD https://twitter.com/dragosr/status/393024741155426304

– OS X hardware is not immune https://twitter.com/dragosr/status/393025136065912832

– Unsafely ejecting memory sticks from infected systems bricks them as far as clean systems are concerned; plugging them back into the infected system mysteriously restores them https://twitter.com/dragosr/status/393026712197279746

– CDs burned on infected systems have strange files https://twitter.com/dragosr/status/393031534657024000

– The guy looking into this has basically been throwing a computer away each step of the analysis! https://twitter.com/dragosr/status/393062792132968448

NSA intercepts 125 *BILLION* phone calls a month!
http://cryptome.org/2013/10/nsa-125b-calls.htm

NSA news for the German-speakers…
The NSA spied on (so far NSA-friendly) German chancellor Angela Merkel. They broke into her smartphone. She is Not Amused. Evidently the reaction of the Brazilian and Mexican presidents was duly noted by those scouring the SnowdenLeaks.

German magazine Der Spiegel (presumably working on a Snowden story) asked the German foreign intelligence service BND and “defensive-only” signals security service BSI whether certain things were plausible… and got a ZOMGWTFBBQ! reaction back. http://www.spiegel.de/politik/deutschland/nsa-merkel-beschwert-sich-bei-obama-a-929636.html

Scahill: “The NSA is still underestimated. […] The NSA plays an absolutely central role in a worldwide program of American killing […] The NSA is not a bunch of computer geeks that sit around in Fort Meade and listen to phone calls. The NSA is a massive beast of an organization, that has a military mission from the ground up. Anyone who thinks they’re just geeks with headphones does not understand the American security apparatus.”
http://www.heise.de/newsticker/meldung/Die-NSA-wird-immer-noch-unterschaetzt-1983473.html?wt_mc=rss.ho.beitrag.atom

Trust Schneier? In light of the amusing discussion going around, Bram Cohen’s interesting comment on why Schneier may not be trustworthy is worth a read. http://www.scottaaronson.com/blog/?p=1517#comment-87418

Wayne Madsen claims Omidyar linked to Booz Allen Hamilton and the CIA. Controversial figure to be sure, but his — later removed under Wikileaks’ pressure — Guardian article about intelligence agreements was right on the money. https://twitter.com/WMRDC/status/392414384238395392

DIY fireworks show. http://imgur.com/a/0M7db/noscript

(all the main links are inline; there are too many to list separately)