Originally posted by visualmiscreant
reply to post by The X
Wow. Seems like it would have been better not to echo the progress bar when they designed this. Unless perhaps they needed this to "diagnose" newly infected machinery....
Originally posted by grey580
And in any case. Nothing is undetectable.
The Malware would be sending out network traffic to communicate with a C&C server.
And that would mean there's a way to detect the traffic and nullify communication with that C&C server.
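One way to act on the point made above, that command-and-control traffic has to leave the box and can therefore be looked for, is to scan outbound connection records for beaconing (the same host contacted at near-constant intervals). The script below is an added example, not code from the thread or its posters; the log format and the sample lines are constructed for the demonstration, and the thresholds are assumptions to tune per environment.

```python
"""Flag periodic outbound connections (beaconing) in a connection log.

Added example, not from the thread: group outbound flows by
(source, destination, port) and report pairs whose inter-connection
intervals are nearly constant. The log lines below are constructed.
"""
import re
import statistics
from collections import defaultdict

# Constructed sample log, one flow per line: "timestamp src_ip dst_ip dst_port bytes"
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.7 443 512
1700000012 10.0.0.5 198.51.100.20 443 20480
1700000060 10.0.0.5 203.0.113.7 443 520
1700000120 10.0.0.5 203.0.113.7 443 515
1700000131 10.0.0.5 198.51.100.21 80 1024
1700000180 10.0.0.5 203.0.113.7 443 511
1700000240 10.0.0.5 203.0.113.7 443 530
1700000300 10.0.0.5 203.0.113.7 443 509
1700000347 10.0.0.5 198.51.100.22 443 3000
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$")


def parse_log(text):
    """Yield (ts, src, dst, port, size) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port, size = m.groups()
            yield int(ts), src, dst, int(port), int(size)


def find_beacons(text, min_connections=4, max_jitter=0.1):
    """Return [(src, dst, port, mean_interval)] for pairs that look periodic.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps between successive connections; real implants add jitter, so the
    threshold is a tuning knob, not a hard rule.
    """
    times = defaultdict(list)
    for ts, src, dst, port, _ in parse_log(text):
        times[(src, dst, port)].append(ts)
    beacons = []
    for key, ts_list in times.items():
        if len(ts_list) < min_connections:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((*key, mean))
    return beacons


if __name__ == "__main__":
    for src, dst, port, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst}:{port} every ~{interval:.0f}s")
```

On the constructed sample the 203.0.113.7:443 pair is reported (six connections exactly 60 seconds apart) while the one-off transfers are not. In practice the same grouping would be run over exported flow or proxy logs, and a hit is a lead to investigate rather than a verdict, since legitimate software also polls on a schedule.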
Originally posted by Maxmars
reply to post by VoidHawk
I suggest you read the paper the researcher is submitting... he seems to be saying that this technique would involve using nonvolatile ram dedicated to peripherals and such. Me not being any kind of expert hampers my ability to make the case as I am sure the author of the paper could.
Originally posted by The X
One other thing I forgot to mention was that a load of registry settings were being adjusted, always back to the same settings; it looked like remote differential compression was being used to reconfigure your box to the previous state it was in before the clean install.
I'm not kidding, it is very hard to kill. I think the payload was around 50kb (this was the size of the file written on the first sector of the hard drive after a format, and it appeared on reboot), and active from the BIOS upwards.
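A defender who suspects the first sector is being rewritten after a wipe, as described in the post above, can record a fingerprint of that sector from a known-good state and compare against it later. The code below is an added example, not from the thread or its posters; the disk images are constructed in memory (opening a real block device such as /dev/sda on Linux needs root and is left to the caller), and the boot-code strings are placeholders.

```python
"""Baseline-and-compare check for a disk's first 512-byte sector (the MBR).

Added example, not from the thread: fingerprint sector 0 of a disk image and
compare it with a previously recorded baseline, so a sector rewritten after a
wipe shows up as a mismatch. All images here are constructed in memory.
"""
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def first_sector(image: bytes) -> bytes:
    """Return the first 512 bytes of an image, zero-padded if it is shorter."""
    return image[:SECTOR_SIZE].ljust(SECTOR_SIZE, b"\x00")


def fingerprint(sector: bytes) -> str:
    """SHA-256 of the sector, hex-encoded, suitable for storing as a baseline."""
    return hashlib.sha256(sector).hexdigest()


def has_boot_signature(sector: bytes) -> bool:
    """True if the sector carries the 0x55AA boot signature a BIOS looks for."""
    return len(sector) == SECTOR_SIZE and sector[-2:] == BOOT_SIGNATURE


def compare_to_baseline(image: bytes, baseline_hex: str) -> dict:
    """Describe how the image's first sector relates to the recorded baseline."""
    sector = first_sector(image)
    current = fingerprint(sector)
    return {
        "matches_baseline": current == baseline_hex,
        "bootable_signature": has_boot_signature(sector),
        "sha256": current,
    }


def make_image(boot_code: bytes, bootable: bool = True) -> bytes:
    """Build a constructed two-sector image with the given boot code in sector 0."""
    tail = BOOT_SIGNATURE if bootable else b"\x00\x00"
    sector0 = boot_code.ljust(SECTOR_SIZE - 2, b"\x00") + tail
    return sector0 + b"\x00" * SECTOR_SIZE


# Constructed images: the clean one recorded right after a known-good install,
# a freshly wiped one, and one whose first sector was rewritten afterwards.
CLEAN_IMAGE = make_image(b"KNOWN-GOOD-BOOT-CODE (placeholder)")
BASELINE = fingerprint(first_sector(CLEAN_IMAGE))
WIPED_IMAGE = make_image(b"", bootable=False)
ALTERED_IMAGE = make_image(b"UNEXPECTED-BOOT-CODE (placeholder)")

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("wiped", WIPED_IMAGE), ("altered", ALTERED_IMAGE)):
        print(name, compare_to_baseline(img, BASELINE))
```

The caveat that matters for the scenario in the post: a check run from the running operating system trusts that system's disk reads. If firmware or an early boot stage is the thing that is compromised, the sector should be read from a separately booted, known-clean medium, and the baseline stored off the machine.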
Originally posted by C0bzz
As long as you keep your computer secure with a firewall and anti-virus and do not visit questionable websites or run questionable programs then you should be fine. The Intel spokesman was correct in that your computer needs to be compromised in the first place for it to install or you need to install hardware that's infected. So don't.
Also this has nothing to do with daz loader.
Also new motherboards use UEFI instead of BIOS. Apparently it is more secure but I don't know the details.
edit on 27/7/12 by C0bzz because: (no reason given)
The application itself injects a SLIC (System Licensed Internal Code) into your system before Windows boots; this is what fools Windows into thinking it's genuine.