http://www.malwaretech.com/2015/06/hard-disk-firmware-rootkit-surviving.html
Since I got into firmware hacking, I've been working on a little project behind the scenes: a hard disk firmware based rootkit which allows malware to survive an operating system reinstall or a full disk format. Unfortunately I can't post a proof of concept for many reasons (people have even contacted me just to tell me not to post it), so instead I've written a presentation giving an overview of the rootkit and explaining how it works. I've dubbed it MT-SBK.
Sector Spoofing Example - Youtube
The general purpose of MT-SBK is to provide a "framework" for my previous project, TinyXPB, a Windows XP bootkit. This framework enables TinyXPB to be stored in and loaded from within the hard disk firmware, preventing it from being removed by antivirus software, operating system reinstalls, or even full disk reformats. The rootkit is designed for a major brand of hard disk and can infect the firmware from within the operating system (no physical access required); it is also completely undetectable to software running on the host computer.
The only way to remove MT-SBK is by replacing the hard disk's PCB, or by connecting an SPI programmer directly to the flash chip and flashing it with the original firmware.