
November 02 2013

raistlin
14:37

The BadBIOS story and my comments

As I usually do when there's a developing story, here are some reflections and comments on the BadBIOS story.

If you don't know what I'm talking about, just do yourself a favor and start from here, which is as good a summary as any. You can also read a different summary, complete with many of the tweets by Dragos, here.

First things first: Dragos Ruiu is a friend, a trusted peer, and if he goes public with something so wild and difficult to believe, I completely trust he has seen something. Like all humans, Dragos might be wrong, he might be overestimating stuff, or whatever, but I don't doubt for a minute that he has (what he thinks is) proof of what he says.

I completely agree with the analysis Robert Graham has done here and share most of his observations. What has been described is all technically possible, but the combination of everything in such an evil and nasty set of malware (more on this in a minute) would be completely unheard of. If anybody shrugs and says he's seen stuff like this before, please waterboard him until he says where.

I would like to share these useful observations on what a BIOS can and cannot do. However, I would respectfully disagree with the conclusion that what Dragos is seeing cannot be there. We know that malware and rootkits can be composed of multiple components, and the BIOS component might only be responsible for a few of the reported behaviors. We simply have to wait for more details and samples to be provided.

It should be noted that Igor Skochinsky, a well-respected malware reverser, analyzed some of the samples provided and believes them to be malware-free.

In conclusion: I completely respect and trust Dragos. I do believe he saw something complex and behaving mysteriously. I think we are still missing a lot of technical details, and I look forward to the release of malware samples, at least in the usual trusted communities for malware analysis.
Tags: BadBIOS