LightEater Malware can destroy your system

Discussion in 'Frontpage news' started by dsbig, Mar 21, 2015.

  1. Jahooba

    Jahooba Member

    I just built a computer with a UEFI BIOS and I can understand why it's vulnerable, but the software does make it much easier to update. The motherboard I got (ASUS) came with some management software that downloads and patches the BIOS in seconds, automatically.

    I guess the real problem is when ASUS move on and stop supporting that motherboard.
     
  2. primetime^

    primetime^ Master Guru

    lol I really hope you were being sarcastic
     
  3. Corrupt^

    Corrupt^ Ancient Guru

    Exactly...

    Which means I'm safe. Got one of the last pre UEFI gen Gigabyte Motherboards.
     
  4. tsunami231

    tsunami231 Ancient Guru

    Sweet, malware for BIOS that is almost never kept updated by the end users, and the manufacturers all but stop updating them after about 3 years or so?? There hasn't been an update for my BIOS since 2011; then again, I'm one of those users that don't update the BIOS unless there's a reason to, as updating the BIOS is more risky than updating software. Then again, maybe that all changed since the UEFI BIOS, which I don't really like, but they sure do boot faster than the old BIOS; at least the pre-Windows loading stuff is much faster.

    My pre-UEFI BIOSes are safe, except for possibly my sister's 2014 ASUS laptop, which is a 300$ POS that's less powerful than my duo core 8400e system I gave to my dad, but better than the POS 1500$ broken Sony laptop her bf gave her that he knew was broken too.

    I stand by the saying "newer doesn't mean better, it just means newer"; this newer tech can be worse and apparently less secure too now, hah
     
    Last edited: Mar 21, 2015

  5. Lol, this is actually very beneficial for MOBO manufacturers. Make exploit, infect machines, say for UEFI update: "Do it at your own risk", insert random code for bricking mobos at even as low as a 2% rate, and yeah, you've got more consumers in need of new mobos :D.

    Oh, I have so many evil ideas :D, sometimes it seems that someone already beat me to it ;).
     
  6. sykozis

    sykozis Ancient Guru

    UEFI is only "safe" if you enable SecureBoot, and the malware is trying to modify UEFI prior to Windows load. If it can modify UEFI from within Windows, there's nothing to protect UEFI systems. At least the old BIOS had a write-protect mechanism to prevent modifications/updates to the BIOS without entering the BIOS and manually changing the setting.
     
  7. Extraordinary

    Extraordinary Ancient Guru

    There was an exception which we used in my old job, a little DOS tool called "cmospwd-5.0" which would allow you to reset the BIOS from Windows, removing passwords etc - useful for laptops with either a very difficult to get to or permanently soldered to the board CMOS battery

    Not really a modification/update, but allowed a reset without entering BIOS
     
  8. LesserHellspawn

    LesserHellspawn Master Guru

    Can work. I prefer "patch it before it breaks". I'm even regularly checking the firmware on my devices.
     
  9. Sergio

    Sergio Master Guru

    Hi guys, sorry, I am a real noob to this UEFI and new systems. I didn't build this system, and didn't install the main OS either. Have Win7 and Win8.1 (installed later) dual boot. Asus Z87-Deluxe with 1405 BIOS.

    I looked at msinfo32 and found only 2 lines about the BIOS.

    And I went into the BIOS and searched for the secure boot option; it was saying "Enabled", and security Key "loaded" (not sure of the exact option name). Both options were grayed out. And below there is another option that takes me to KEY options.

    Am I safe now?

    Thanks.

    edit: learned how to take a BIOS screenshot, so here are the images of those options.

    And I saw that my main SSD Win7 OS is not labeled as UEFI on the main BIOS screen. After inserting my USB stick I saw a UEFI label on it, but not on the main SSD.

    http://i.imgur.com/oZcdeoL.png
    http://i.imgur.com/B1xZz9m.png
    http://i.imgur.com/klSBJbD.png
     
    Last edited: Mar 22, 2015
  10. Pill Monster

    Pill Monster Banned

    ASUS EEPROMs are write protected and only accept digitally signed images. No signature, no flash.

    Not exactly easy?



    Let's be realistic: prob the majority of users who just read the alarmist content above.


    To be brutally honest the standard of "news" here seems to have been slipping recently. I've seen at least 3 subbed articles which come across as sensationalist and misleading....similar to Tabloid journalism.

    A while back there was an article published stating Samsung firmware was "bricking" SSDs, this based on a single post in some other forum, and the drive was not even bricked:
    Misleading, sensationalist.

    Another one came from TechReport I think, screaming about Seagate HDD failure rates based on that inconclusive Backblaze article.

    I have no idea who's publishing this stuff but please take some constructive criticism and consider using more discretion with what constitutes as news, even if it is just subbed material.

    Thanks.
     
    Last edited: Mar 22, 2015

  11. orky87

    orky87 Member Guru

    The last security report was on HDDs which have backdoors in their firmware, now this. As it is, it's only a theory and speculation, nothing to be alarmed about.
    By the time this malware becomes a real risk most mobo manufacturers will have safety measures implemented. Or so we'd like to think.
     
    Last edited: Mar 22, 2015
  12. Agonist

    Agonist Ancient Guru

    No UEFI for me right now on my main rig. But the second one is an AsRock 970 Extreme4 and it's UEFI. Kinda took a little bit of getting used to before I OCed the FX 8120 in it.

    The latest BIOS for it is from Nov 2013.
     
  13. pimp_gimp

    pimp_gimp Ancient Guru

    You used to be able to use unsigned images by flashing the system using USB Flashback, but I think they eventually patched it out. At the same time, if you were to try and inject malware into the system using that feature you'd have to physically be at the machine. So I'd think Asus boards are pretty safe from this?
     
  14. Darkje

    Darkje Member Guru

    So any way to detect it? I'm guessing the virus won't show itself when you dump the UEFI from an infected machine to a file, so it will be hard to detect it from a running machine with an active 'virus'...
     
  15. Extraordinary

    Extraordinary Ancient Guru

    I'd imagine comparing the hash of an infected file vs the original will show a different hash on the infected one
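
The hash comparison suggested in this post, as an added example that is not part of the original thread: a whole-image hash only says that two images differ, so this code hashes fixed-size blocks and reports which offsets changed. The images and the ignored settings range are constructed for illustration; it assumes the dump was read out-of-band (for example with a hardware SPI programmer) and the reference is the vendor image for the same board and version.

```python
import hashlib

BLOCK = 0x1000  # compare in 4 KiB blocks

def block_hashes(image, block=BLOCK):
    """SHA-256 of each fixed-size block of a firmware image."""
    return [hashlib.sha256(image[i:i + block]).digest()
            for i in range(0, len(image), block)]

def diff_ranges(dump, reference, ignore=(), block=BLOCK):
    """Return merged (start, end) byte ranges where dump != reference.

    Blocks lying entirely inside an ignored (start, end) range are skipped.
    """
    if len(dump) != len(reference):
        raise ValueError("size mismatch: wrong reference image or truncated dump")
    ranges = []
    pairs = zip(block_hashes(dump, block), block_hashes(reference, block))
    for idx, (a, b) in enumerate(pairs):
        start = idx * block
        end = min(start + block, len(dump))
        if a == b or any(s <= start and end <= e for s, e in ignore):
            continue
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)  # extend the previous range
        else:
            ranges.append((start, end))
    return ranges

def constructed_images():
    """Constructed 64 KiB sample data, not a real firmware layout."""
    reference = bytes((i * 7) & 0xFF for i in range(0x10000))
    dump = bytearray(reference)
    dump[0x4100:0x4104] = b"\x01\x02\x03\x04"  # settings changed by normal use
    dump[0xAFFC:0xB004] = b"\xCC" * 8          # unexplained change elsewhere
    return bytes(dump), reference

# Assumed (hypothetical) settings-storage range for this constructed layout.
SETTINGS_RANGE = [(0x4000, 0x6000)]

if __name__ == "__main__":
    dump, reference = constructed_images()
    same = hashlib.sha256(dump).digest() == hashlib.sha256(reference).digest()
    print("whole-image hashes match:", same)
    for start, end in diff_ranges(dump, reference, ignore=SETTINGS_RANGE):
        print(f"unexpected difference at 0x{start:05x}-0x{end:05x}")
```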
     

  16. anticupidon

    anticupidon Ancient Guru

    Security logic tells me that nothing is secure, there are just levels of it.
    More, there will always be the conflict between convenience and security. OEM offers just that, convenience, screw the average Jimmy who tinkers with his computer.
    And when disaster strikes, just use the oldest trick in the book, by putting the blame on others.
     
  17. TheDeeGee

    TheDeeGee Ancient Guru

    Mine (F10) is from September 5th 2014 which is the latest.

    Guess it needs an update as well.
     
  18. Pill Monster

    Pill Monster Banned

    Yes, exactly. :)
    Even without digital signing the image had to be original, meaning oproms can be inserted but nothing modified/injected (my understanding at least).

    But EEPROMs programmed with Aptio V (X99) are now signed with an AMI keycode.
    In order to flash a malicious image you would quite literally need to be standing at the machine with a hardware SPI flasher in your hand.

    So yeah...I think we can relax for now. lol
     
    Last edited: Mar 22, 2015
  19. Rich_Guy

    Rich_Guy Ancient Guru

    Same here, I'm still running the 1004 BIOS on mine, there's 2x newer, but it's working fine.
     
  20. waltc3

    waltc3 Maha Guru


    UEFI really didn't take off until a good while after Win7 shipped, and from what you say here it appears you have a standard bios and do not have a UEFI system. (Pay no attention to the UEFI markings on your USB stick--that's just advertising...;)) The main point to UEFI is the secure-boot function, which was designed to stop viruses and other malware that were getting into bioses and systems ahead of the operating system at boot time--before the OS AV components could act to eradicate it. Coming in under the OS like that a nasty bit of software could actually take over a machine without having to go through the OS at all--and secure-boot UEFI eliminates that possibility (pretty much) and because it's a program accessible to the OS that means that any OS-resident AV software can see right down through the UEFI--and if it spots a nasty can act to kill it from the OS level after the system boots. The older, standard bios has no protection during boot and if something gets into the bios it probably wouldn't allow itself to be flashed out of existence, so the only way to fix it would be to pop in a new bios chip.

    Chances of ordinary people running into something like this even with a standard bios is very remote. This is the kind of thing you see in a targeted attack, usually espionage at the corporate level. But even there it is not at all common--at least as far as detection goes...;)
     
