[AccessD] Custom-made UEFI bootkit found lurking in the wild - Ars Technica
jamesbutton at blueyonder.co.uk
Tue Oct 6 17:04:38 CDT 2020
Thanks for that
But you're 25 days early for Halloween.
And does that actually cap the older kids wearing a dark but cheap suit, and
carrying a case with the logo "IRS" printed on it.
With the really frightening IT thing being the sheer number of systems sold
As in, even in corporate environments - an OS installed, and even with the box
opened and resealed pre-delivery.
Also, who nowadays even looks to see what is in the system startup,
let alone would notice unexpected code, as in something they know should not be
there as part of the OS.
OK - hard drives could have 'stuff' on the surface outside of the LBAs
assignable as partitions.
Time machines included drivers that way - the restore doing direct reads of the
drive for drivers as indicated in the .txt system description file.
Also there is the unused space in the bootblock, and the system partition.
Are similar exploits possible on SSD devices?
And - as I recently found - an OS update from Microsoft had reset my system's
action-on-detection of plugged-in device from ask and explorer to autoplay
(run the preset program).
From: AccessD <accessd-bounces at databaseadvisors.com> On Behalf Of John Colby
Sent: Tuesday, October 6, 2020 8:43 PM
To: Access Developers discussion and problem solving
<accessd at databaseadvisors.com>
Subject: [AccessD] Custom-made UEFI bootkit found lurking in the wild - Ars