Nomen Posted February 19, 2015

The security / anti-virus software company Kaspersky has made some presentations recently at security conferences regarding an organized class of malware, the authorship of which they are calling "The Equation Group". It is almost a given that this group is the NSA. I believe that this document will suffice to give sufficient background:

http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

Kaspersky attempts to lay out a road map or history of development of various system-infection and communication tools dating back to 2001, and part of their explanation is that some of this was specifically developed to work under win-9x/me - specifically a software class that Kaspersky is calling "Equation Drug". From the above document:

----------
EquationDrug's core modules, designed for hooking deep into the OS, do not contain a trusted digital signature and cannot be run directly on modern operating systems. The code checks whether the OS version predates Windows XP/2003. Some of the plugins were designed originally for use on Windows 95/98/ME.
-----------

There is scant information as to just how operable these malware modules were against remote control of win-9x/me prior to 2003, and I think we can assume that if they were discovered back then they might have been incorporated into anti-virus definitions without knowing who the authors really were.

What is more uncomfortable to know is that this document describes the existence of hard-drive firmware-based malware storage, and there seems to be no AV product in existence that can check for this. Also mentioned is malware storage in the registry itself.

I've always been critical of AV/AM software's seeming lack of ability to scan the registry files contained on hard drives that are slaved to known good/working systems. I don't believe that it's possible to perform a competent scan on a drive that a Windows system has booted from (especially if the Windows is some version of NT).

For maybe only a few years now, I've sort of resigned myself to the fact that at some point before the year 2020 I'm going to rebuild my various home computers with XP (even if it's XP running under FAT32 - because I simply don't trust NTFS). It's articles and discoveries like this one from Kaspersky that make me stop and wonder if running XP will ever or could ever be as secure and care-free as it has been these many years with win-98.
jaclaz Posted February 19, 2015 (edited)

... running under FAT32 - because I simply don't trust NTFS).

Hmmm.

jaclaz

Edited February 19, 2015 by jaclaz
Drugwash Posted February 20, 2015

Yeah, I read about that earlier. But how about this one...? Not necessarily related to Win9x, but the mere idea of infecting the hardware...