{"id":22766,"date":"2013-11-01T08:05:53","date_gmt":"2013-11-01T13:05:53","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=22766"},"modified":"2013-11-01T08:12:01","modified_gmt":"2013-11-01T13:12:01","slug":"lets-hope-badbios-is-an-elaborate-halloween-hoax","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2013\/11\/01\/lets-hope-badbios-is-an-elaborate-halloween-hoax\/","title":{"rendered":"Let&#8217;s hope badBIOS is an elaborate Halloween hoax"},"content":{"rendered":"<p><a href=\"http:\/\/arstechnica.com\/security\/2013\/10\/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps\/\" target=\"_blank\">Dan Goodin<\/a> posted a scary Halloween tale at <em>Ars Technica<\/em> yesterday &#8230; at least, I&#8217;m hoping it&#8217;s just a scary story for the season:<\/p>\n<blockquote><p>In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that&#8217;s able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behavior would return. The most visible sign of contamination is a machine&#8217;s inability to boot off a CD, but other, more subtle behaviors can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations.<\/p>\n<p>Another intriguing characteristic: in addition to jumping &#8220;airgaps&#8221; designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.<\/p>\n<p>&#8220;We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,&#8221; Ruiu said. &#8220;At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? 
How can the machine react and attack the software that we&#8217;re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.&#8221;<\/p>\n<p>Over the past two weeks, Ruiu has taken to Twitter, Facebook, and Google Plus to document his investigative odyssey and share a theory that has captured the attention of some of the world&#8217;s foremost security experts. The malware, Ruiu believes, is transmitted through USB drives to infect the lowest levels of computer hardware. With the ability to target a computer&#8217;s Basic Input\/Output System (BIOS), Unified Extensible Firmware Interface (UEFI), and possibly other firmware standards, the malware can attack a wide variety of platforms, escape common forms of detection, and survive most attempts to eradicate it.<\/p>\n<p>But the story gets stranger still. In posts here, here, and here, Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: &#8220;badBIOS,&#8221; as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Dan Goodin posted a scary Halloween tale at Ars Technica yesterday &#8230; at least, I&#8217;m hoping it&#8217;s just a scary story for the season: In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that&#8217;s able to survive extreme antibiotic therapies. 
Within hours or weeks of wiping an [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[160,109,129,385,94,334],"class_list":["post-22766","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple","tag-computers","tag-hack","tag-malware","tag-microsoft","tag-security"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-5Vc","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=22766"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22766\/revisions"}],"predecessor-version":[{"id":22767,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/22766\/revisions\/22767"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=22766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=22766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=22766"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}