Malware burrows deep into computer BIOS to escape AV

[~BD~]

Peter Foldes wrote:
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:j4sofp01551@news6.newsguy.com...
>> From: "~BD~" <~BD~@nomail.afraid.org>
>
>
> Thanks David for catching it and removing it. Awful when he does that.
> It has no business in the other group
>
>

Explain here in *this* group why you posted dangerous code in SE which
triggered this warning from MSE http://i56.tinypic.com/2uf6idx.jpg

MSE asked for the information to be sent to Microsoft for examination.
Such request was actioned.

[~BD~]

G. Morgan wrote:
> David H. Lipman wrote:
>
>> You recall WRONG. I elaborated how difficult it was and all the obstacles there were to
>> overcome and said there was nothing in the wild at that time
>
> That's the way I remember it.
>
> You said it was possible, but none had been seen in the wild yet.


LoJack can *already* do it!!!

Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT*
mean that there aren't such malware scenarios.

I'll wager the bad guys are *way* ahead of those who try to catch them!

[David H. Lipman]

From: "~BD~" <~BD~@nomail.afraid.org>

> G. Morgan wrote:
>> David H. Lipman wrote:
>>
>>> You recall WRONG. I elaborated how difficult it was and all the obstacles there were
>>> to
>>> overcome and said there was nothing in the wild at that time
>>
>> That's the way I remember it.
>>
>> You said it was possible, but none had been seen in the wild yet.
>
>
> LoJack can *already* do it!!!
>
> Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT* mean that there
> aren't such malware scenarios.
>
> I'll wager the bad guys are *way* ahead of those who try to catch them!

LoJack is a different animal altogether and CAN NOT be lumped together with mebromi
trojan.

Mebromi is malware. LoJack is not.

LoJack is loaded in an area of extra ROM at the factory and is designed to be there. For
malware to be loaded in ROM at the factory we would have a whole different scenario which
is called the Insider Threat.

Mebromi uses a cludgy method of ROM injection based upon the IceLord proof of concept.

LoJack in no way injects itself into ROM.

You have a *bad* reading and comprehension problem!

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[eeyore]

On Fri, 16 Sep 2011 14:35:46 -0400, David H. Lipman wrote:

> From: "~BD~" <~BD~@nomail.afraid.org>
>
>> G. Morgan wrote:
>>> David H. Lipman wrote:
>>>
>>>> You recall WRONG. I elaborated how difficult it was and all the
>>>> obstacles there were to
>>>> overcome and said there was nothing in the wild at that time
>>>
>>> That's the way I remember it.
>>>
>>> You said it was possible, but none had been seen in the wild yet.
>>
>>
>> LoJack can *already* do it!!!
>>
>> Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT*
>> mean that there aren't such malware scenarios.
>>
>> I'll wager the bad guys are *way* ahead of those who try to catch them!
>
> LoJack is a different animal altogether and CAN NOT be lumped together
> with mebromi trojan.
>
> Mebromi is malware. LoJack is not.
>
> LoJack is loaded in an area of extra ROM at the factory and is designed
> to be there. For malware to be loaded in ROM at the factory we would
> have a whole different scenario which is called the Insider Threat.
>
> Mebromi uses a cludgy method of ROM injection based upon the IceLord
> proof of concept.
>
> LoJack in no way injects itself into ROM.
>
> You have a *bad* reading and comprehension problem!

you might as well be talking to a wall...
--
max
Registered Linux User #393236

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.org> wrote in message news:j4vu20$e6h$1@dont-email.me...
> G. Morgan wrote:
>> David H. Lipman wrote:
>>
>>> You recall WRONG. I elaborated how difficult it was and all the obstacles there
>>> were to
>>> overcome and said there was nothing in the wild at that time
>>
>> That's the way I remember it.
>>
>> You said it was possible, but none had been seen in the wild yet.
>
>
> LoJack can *already* do it!!!
>
> Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT* mean that
> there aren't such malware scenarios.
>
> I'll wager the bad guys are *way* ahead of those who try to catch them!


BD

Read what David posted and etch it in your mind. Do NOT start spreading FUD which is
what you do most of the time. LoJack is a different animal and does not belong into
the group that you are thinking of.

JS

[FromTheRafters]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j4up3h$d6g$1@dont-email.me...
> Peter Foldes wrote:
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> news:j4sofp01551@news6.newsguy.com...
>>> From: "~BD~" <~BD~@nomail.afraid.org>
>>
>>
>> Thanks David for catching it and removing it. Awful when he does that.
>> It has no business in the other group
>>
>>
>
> Explain here in *this* group why you posted dangerous code in SE which
> triggered this warning from MSE http://i56.tinypic.com/2uf6idx.jpg
>
> MSE asked for the information to be sent to Microsoft for examination.
> Such request was actioned.

Good, they should know that their AV detects non-threats so
that they can fix their software. )

[FromTheRafters]

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j4unm4$3d6$2@dont-email.me...
> G. Morgan wrote:
>> FromTheRafters wrote:
>>
>>> TPM anyone?
>>
>> Big Brother.
>>
>
> ?????????? An explanation will be appreciated!

Some people have expressed privacy concerns over some
aspects of TPM implementation. IMO it does make diddling
with the boot axis by malware problematic.

[JD]

David H. Lipman wrote:
> From: "~BD~"<~BD~@nomail.afraid.org>
>
>> G. Morgan wrote:
>>> David H. Lipman wrote:
>>>
>>>> You recall WRONG. I elaborated how difficult it was and all the obstacles there were
>>>> to
>>>> overcome and said there was nothing in the wild at that time
>>>
>>> That's the way I remember it.
>>>
>>> You said it was possible, but none had been seen in the wild yet.
>>
>>
>> LoJack can *already* do it!!!
>>
>> Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT* mean that there
>> aren't such malware scenarios.
>>
>> I'll wager the bad guys are *way* ahead of those who try to catch them!
>
> LoJack is a different animal altogether and CAN NOT be lumped together with mebromi
> trojan.
>
> Mebromi is malware. LoJack is not.
>
> LoJack is loaded in an area of extra ROM at the factory and is designed to be there. For
> malware to be loaded in ROM at the factory we would have a whole different scenario which
> is called the Insider Threat.
>
> Mebromi uses a cludgy method of ROM injection based upon the IceLord proof of concept.
>
> LoJack in no way injects itself into ROM.
>
> You have a *bad* reading and comprehension problem!
>

A characteristic of a troll. Which you and Peter keep feeding.

--
JD..

[David H. Lipman]

From: "JD" <JD@example.invalid>

> David H. Lipman wrote:
>> From: "~BD~"<~BD~@nomail.afraid.org>
>>
>>> G. Morgan wrote:
>>>> David H. Lipman wrote:
>>>>
>>>>> You recall WRONG. I elaborated how difficult it was and all the obstacles there
>>>>> were
>>>>> to
>>>>> overcome and said there was nothing in the wild at that time
>>>>
>>>> That's the way I remember it.
>>>>
>>>> You said it was possible, but none had been seen in the wild yet.
>>>
>>>
>>> LoJack can *already* do it!!!
>>>
>>> Just because Mr Lipman hasn't seen versions 'in the wild' does *NOT* mean that there
>>> aren't such malware scenarios.
>>>
>>> I'll wager the bad guys are *way* ahead of those who try to catch them!
>>
>> LoJack is a different animal altogether and CAN NOT be lumped together with mebromi
>> trojan.
>>
>> Mebromi is malware. LoJack is not.
>>
>> LoJack is loaded in an area of extra ROM at the factory and is designed to be there.
>> For
>> malware to be loaded in ROM at the factory we would have a whole different scenario
>> which
>> is called the Insider Threat.
>>
>> Mebromi uses a cludgy method of ROM injection based upon the IceLord proof of concept.
>>
>> LoJack in no way injects itself into ROM.
>>
>> You have a *bad* reading and comprehension problem!
>>
>
> A characteristic of a troll. Which you and Peter keep feeding.
>

You must realize that I am trying to get the facts straight for those who may read this
news group or pick it up on one of theose web forums that make believe they have forums
but really just link to Usenet.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[JD]

David H. Lipman wrote:
> From: "JD"<JD@example.invalid>
>snip

>>> In a reply to BD

>>> You have a *bad* reading and comprehension problem!
>>>
>>
>> A characteristic of a troll. Which you and Peter keep feeding.
>>
>
> You must realize that I am trying to get the facts straight for those who may read this
> news group or pick it up on one of theose web forums that make believe they have forums
> but really just link to Usenet.
>

I understand what you're trying to do.

Trolls live for a reply.

--
JD..