Security researchers have detected the first known instance of a UEFI bootkit being used in targeted campaigns against government entities across Central and Eastern Europe. The attack focuses on UEFI-enabled computers and relies on a persistence mechanism that has been stolen from a legitimate, but often questioned, software called Computrace that comes by default on many computer systems. This Computrace agent from Absolute Software is a service designed to recover lost or stolen computers, the underlying technology of which is based on the LoJack Stolen Vehicle Recovery System. In 2005, Absolute Software licensed the LoJack name and subsequent tracking technology to aid in recovery efforts of stolen computers. After negotiations with manufacturers, the Computrace agent from Absolute Software, or LoJack for computers, now comes pre-loaded on a large number of machines.

The Computrace software uses a novel method to maintain persistence on computers. This methodology allows the code to remain through a re-installation of the operating system or replacement of the hard drive. The software does this by tightly integrating into low-level operations that are stored within SPI flash memory modules located on the physical motherboard of the computer. These memory modules are where pertinent system resources, such as BIOS and UEFI procedures, are stored.

An ESET white paper details how Trojanized versions of the Computrace agent have been compromised to allow attackers the ability to execute arbitrary code on vulnerable machines. This code can be stored within the SPI flash modules, which prevents easy detection by many security solutions. This code execution ability, along with the persistence and tracking capabilities of the Computrace software, makes for an extremely effective combination that is difficult to detect or remediate.

As of this writing, use of this particular attack methodology appears to be limited in scope. ESET is calling this threat the LoJax malware.