Custom-made UEFI bootkit found lurking in the wild

by Dan Goodin, from Ars Technica
For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.

As software that bridges a PC's device firmware with its operating system, the UEFI (short for Unified Extensible Firmware Interface) is an operating system in its own right. It's located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it's the first thing to be run when a computer is turned on, allowing it to influence or even control the OS, security apps, and all other software that follows.

Those characteristics make the UEFI the perfect place to stash malware, and that's just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.
