
[Chit-chat] "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?


Saw this in a report on a foreign website. This thing supposedly surfaced at the end of November 2013. The scary part: it reportedly spreads via speakers and microphones, and it is a cross-platform malware that can spread between computers running Mac OS, Windows and Linux (even computers not connected to a network can be infected).

A few screenshots attached:

Attachment: your user group cannot download or view attachments

Last edited by baohe on 2014-01-28 14:44:49

Reply: "Weapons-grade malware": has Rising gotten a sample yet?

Uncle Cat~~~~~~!


Reply to post 2F by 茶馆小二


Served your sentence and been released?

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

Heard of it. Supposedly Kaspersky can block it.

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

Xiao'er is out!
Nothing to add, just dropping by to bump!

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

It relies on sound to carry the data across.

But here is a question.

Even if the microphone on an uninfected computer is switched on, can the received audio really trigger some vulnerability in that computer's sound card driver or some program and execute code contained in the audio?

That's just scaremongering.

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

It needs a precondition: the other computer must already have something that interprets the data contained in this audio as executable code. Only then can it spread.

Obviously that step is pretty unlikely.

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

Oh!!!!!!

Looking at it more carefully

it turns out

Deeper investigation and analysis found that only after the internal speakers and microphone were removed did the packet-capture tool stop seeing packets being transmitted. Ruiu pointed out that this malware can use speakers and microphones to transmit at high frequencies between computers.

So actually

badBIOS does not use the speakers and microphone to spread the virus; it uses the microphone to communicate between already-infected machines, as if they were networked to each other.

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

A number of readers have asked us, "What do you guys have to say about the BadBIOS story that's unfolding at the moment?"
In a nutshell, it's a story about a virus that is claimed to have some remarkable characteristics.
Sufficiently remarkable, in fact, to inspire Ars Technica's Dan Goodin to describe it as not just "mysterious" but "omnipotent."

What it does
Here are some of the claims that have been made about the BadBIOS virus:
It is said to infect the low-level system firmware of your computer, so it can't be removed or disabled simply by rebooting.
It is said to include components that work at the operating system level, so it affects the high-level operation of your computer, too.
It is said to be multi-platform, affecting at least Windows, OS X, and OpenBSD systems.
It is said to prevent infected systems being booted from CD drives.
It is said to spread itself to new victim computers using Software Defined Radio (SDR) program code, even with all wireless hardware removed.
It is said to spread itself to new victim computers using the speakers on an infected device to talk to the microphone on an uninfected one.
It is said to infect simply by plugging in a USB key, with no other action required.
It is said to infect the firmware on USB sticks.
It is said to render USB sticks unusable if they aren't ejected cleanly; these sticks work properly again if inserted into an infected computer.
It is said to use TTF (font) files, apparently in large numbers, as a vector when spreading.
It is said to block access to Russian websites that deal with reflashing software.
It is said to render any hardware used in researching the threat useless for further testing.
It is said to have first been seen more than three years ago on a Macbook.
By now, you may be thinking that this sounds more like a science fiction movie than real life.
In fact, if you're a certain age, you may well be waiting for Jeff Goldblum to burst forth with a Mac, some mysterious and omnipotent file transfer software, and a countervirus that will save the planet.
You're probably also thinking that with as many symptoms, twists, turns and apparent tell-tales as are listed above, we ought to know a lot about it after three years.
The thing is, all the facts above come from one observer on Twitter, @dragosr, the guy who runs the CanSecWest, Eusec and PacSec security conferences.
The abovementioned details have only come out in the past short while, so we can collectively be excused for not knowing an awful lot just yet.

What we know
One BIOS sample file has been made available; SophosLabs took a brief look and largely concurred with an already-public analysis published on Reddit. (For the record, our analysts didn't see the Reddit story until after they'd looked at the file.)
The BIOS we saw seems all but identical to an official Dell Alienware BIOS, so it would be no use on a Mac, for example.
And even if a byte-by-byte analysis of the whole BIOS were to reveal a pre-planted backdoor, that would nevertheless only be one small part of the whole story.
Furthermore, the software defined radio and speaker-to-microphone infection vectors mentioned above, as a vehicle for jumping airgaps, sound highly speculative.
Not impossible, of course - never say impossible where malware is concerned, not least since Stuxnet appeared - but certainly very unlikely.
Spreading via USB sticks, like Stuxnet did, would surely be a satisfactory explanation on its own (though the part assuming automatic code execution via USB on multiple operating systems sounds highly speculative, too).
Imagine that you could reliably get an infected system to beam out radio waves in the absence of any radio hardware, for example by relying on some serendipitously-located internal circuit parts to serve as your transmitter and antenna.
Imagine that you could somehow turn on the speaker and produce reliably-decodable but inaudible sounds.
How would you persuade the uninfected computer to receive them at all, let alone to treat them as shellcode that would ultimately let you reflash the BIOS?

What to do about BadBIOS
I don't think there is any need for alarm over the BadBIOS story.
There isn't an obvious threat to everyone (like there was with Stuxnet, even before we knew its inner purpose); it doesn't seem to be spreading in the wild (like Stuxnet was, despite having a specific target); and there are plenty of clear and present threats we can usefully concern ourselves with in the interim.
So that's about that for now, I'm afraid - it's a question of watching and waiting.

Reply: "Weapons-grade malware" badBIOS: has Rising gotten a sample yet?

If merely hearing a sound could make a computer sick,

now that would be scary.