Re: Foistware takes-on a new pervasiveness..



Anteaus wrote:
http://blogs.zdnet.com/security/?p=3828

Bad enough the foisted copy of Norton or McAfee that greets you with a
registration demand the first time you use your new computer. This takes the
biscuit, though. LoJack is software burned-into the BIOS which is only of any
use if you subscribe to the third-party service which sponsored this burn-in,
and which (according to researchers) opens your computer to exploits even if
you don't.

Plus, you can't remove it. At least, not without something like an EEPROM
programmer.

From what I've been able to dig-up, the BIOS module, if activated, writes
several DLLs to the windows\system folder such that they are launched at
startup. These phone-home to the vendor's site once a day to report the
computer's security status. They include a function to remotely wipe the
disk on command from the site. The danger here is that malware could
similarly activate the BIOS module, but change the URL it phones-home to,
giving the intruder the ability to wipe the disk, or other malicious acts.
Therefore any computer which has had malware on it is at risk of carrying an
exploited copy of this, and even if the malware has been completely removed
(or even the hard-disk changed!) the compromised BIOS module may still pose
a threat.

As for me, I'm just glad I'm using an unaffected model.

I think.

Some of this is just what malware could do to you anyway. The novelty
is that if your computer is stolen and compromised, even Windows
reinstalled from what you describe, this thing will override and still
attempt to perform its security function.

Spoofing the service's Web site with DNS interference is one approach
that comes to mind, but you hope the system also has enough security
so that it can distinguish its genuine home site from fake.

If relatively few people are using this service to protect their data,
then either they're paranoid or their data is very, very valuable. An
interesting target for hacking.

However, if "flush" is the only command that can be given from the
server to the PC, malicious opportunities are limited. I'm not sure
exactly how you'd do it, threaten damage maybe, so I suppose I'd
better stay honest. Well, wait. You'd have to hack the server and
get the customer list, and maybe wipe some victim hard disks
randomly. Then write to other customers and say you'll hack the
service /again/ unless they pay ransom on their own data. Well, more
like protection money. And so they say something back to you that I
won't write and they tighten up their data backup process. Huh.
Okay, you hack the web site, steal customer data, /don't/ demonstrate
your powers. . nope. Same problem, you tell your victims about this,
they just make their backups.