Chinese Security firm Discovers new BIOS based Virus

Chinese AV company 360 has discovered a new Trojan, the “BMW Virus” (also called Mebromi), that can actually infect a computer's BIOS:

“BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS (motherboard chip program), MBR (master boot drive) and Windows system files, reinstall the system, regardless of the victim computer, format the hard disk, or replace the hard disk can not completely remove the virus.” – Translated 360 page

According to The H Security, when a system is infected, the Trojan checks whether the system has an Award BIOS. If it does, it hooks itself into the BIOS. Once the system is restarted, it adds itself to the hard drive’s master boot record (MBR). Next it infects the winlogon.exe or winnt.exe system files (depending on the Windows version).

The malware is also a Trojan downloader: it connects out and tries to download other malware onto the infected system.

If the system uses a BIOS other than Award, the Trojan skips trying to write to the BIOS, but still tries to infect the MBR of the boot hard drive.

Removing the virus from the MBR and the infected files really has no lasting effect, because as soon as the system is restarted, the BIOS copy runs and the computer is re-infected.

Since most antivirus companies will probably not want to create a BIOS cleaning utility, the BIOS would most likely need to be re-flashed to remove the infection completely.
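An added example (not from the post or from 360) of a defender's check for the MBR stage of the chain described above: it parses a raw 512-byte MBR, hashes the 446-byte boot code and compares it with a baseline recorded from a known-clean disk, so an MBR that has been rewritten again after a reboot shows up as a finding. The sample sectors are constructed; the boot-code bytes are placeholders, not Mebromi's code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: the boot code an MBR infector overwrites
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"    # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot code and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        parts.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": parts}

def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot code only; the partition table may change legitimately."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()

def check_mbr(sector: bytes, baseline_digest: str) -> list[str]:
    """Compare an MBR against a known-good baseline; an empty list means no finding."""
    findings = []
    info = parse_mbr(sector)
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline: MBR rewritten (re-infection?)")
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):   # only 'inactive' and 'bootable' are valid
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
    return findings

# Constructed sample sectors (hypothetical, not real Mebromi bytes): a clean MBR with
# one bootable NTFS partition, and the same MBR with its boot code overwritten.
def _mbr(boot_code: bytes) -> bytes:
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + SIGNATURE

CLEAN_MBR = _mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")   # stand-in for a stock boot loader
INFECTED_MBR = _mbr(b"\xeb\x3c\x90")                 # stand-in for a replaced boot stub

if __name__ == "__main__":
    baseline = boot_code_digest(CLEAN_MBR)   # record this once from a known-clean disk
    print("clean   :", check_mbr(CLEAN_MBR, baseline))
    print("infected:", check_mbr(INFECTED_MBR, baseline))
```

On a live system the sector is read from the raw disk device (for example `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, with administrative rights), and the check is repeated after each reboot, since a BIOS-resident copy rewrites the MBR on every boot.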


Cloaking Armor: Turning Tanks into Polar Bears

Adaptiv armor, a new infrared-defeating armor developed by BAE Systems, was unveiled recently at the 2011 Defence and Security Equipment International (DSEi) conference.

The armor is made up of 1,000 temperature-changing tiles that can be adjusted to make the tank “disappear”, to look like a different vehicle, or, unbelievably, even like an animal.

According to Foxnews:

To transform into an entirely different object, Adaptiv draws from its pattern library organized by terrain and projects itself as something native to the immediate area. For example, if it enters an Arctic environment it can conjure up a polar bear and project itself as one so sensors scanning for a tank see a harmless animal.

Very cool indeed!

New Version of the Social Engineering Toolkit (2.1) to be Released at Derbycon!

Looks like security guru David Kennedy and his team have done it again. A new bigger, badder, better version of the Social Engineering Toolkit (SET) is set to be released at the DerbyCon security conference in Louisville, Kentucky at the end of the month.

Don’t be fooled by the 2.1 designation; there look to be some MAJOR changes here.

One is the ability for the payload to be read and executed straight from memory instead of being written to disk. This should make a huge difference in the payload bypassing anti-virus detection.

Another big feature is the addition of Fast Track automation to the Social Engineering Toolkit.

Check out the teaser video:

For more information, and a look at the long list of changes and updates, check out the SecManiac website!

NATO seeks Cyber Alliance with India

With the flood of international system breaches, NATO may turn to India for assistance. And the move just makes sense. Though neither side spells it out clearly, one of the main threats they have in common is China.

Reports from security research group Information Warfare Monitor (IWM) for the last couple years have claimed that a Chinese hacker entity called “GhostNet” has attacked and compromised NATO systems along with several other countries. In 2010, the research group focused on intrusions into India’s government and defense systems:

“Their 2010 report claimed that major Indian defence establishments, including the Institute of Defence Studies and Analyses, National Security Council Secretariat, National Maritime Foundation, and armed forces units were targeted and secret presentations on weapons systems stolen by Chinese hackers.”

India is a good choice for a cyber alliance. India has been a strong technology partner with the US, and we face many of the same threats. They have been a more consistent ally in the region – compared to China and our sometimes partner in the war on terror, Pakistan.

The problem, though, is that Chinese state-backed hackers are not the only threat we are facing. The Russian Business Network and other foreign government-backed entities seem to be falling off the radar as Chinese hacker threats take center stage. And let's not forget the lone hackers and political hacktivist groups that are very active.

Individual entities will be much harder to defend against as they are more random and may even be attacking the country that they live in.

Sure, many of the attacks by groups like Anonymous are more of an irritation than a national threat (they have downed NATO and even CIA websites).

But what about individuals like the “Comodohacker” who recently stole over 500 digital certificates from the Dutch company DigiNotar? (Apparently including SSL certificates for the CIA, Mossad and MI6.) He claims to be a lone Iranian hacker, and the certificates that were compromised were from companies around the world. It would seem, though, that fellow Iranians may also be a target: on Friday, Google notified Iranian Gmail users that their usernames and passwords may have been compromised by Comodohacker.

Countries working together to stop cyber attacks is a great thing and needs to be done, but the complexity and inherent anonymity of the web creates some major hurdles that need to be overcome.