Zero access Rootkit
Jamon Camisso
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Tue Nov 26 18:35:47 UTC 2013
On 26/11/13 01:27 PM, Aruna Hewapathirane wrote:
>> Reinitialized is NOT a low level format. Also doing even that is
>> complete overkill. Simply overwriting the disk with zeroes is plenty,
>> and even that is overkill. Writing a new filesystem and partition table
>> would be enough to wipe any link to any software on the disk.
>>
>
> Overkill I can live with but if this root-kit trojan has a mechanism that
> actually goes and resides in the BIOS then we are right royally screwed ?
> And wiping the disk is not going to help ? In that case flashing the bios
> and in extreme cases actually pulling out and putting the bios chip back is
> the only solution ? So YES agreed it is overkill but like I said better to
> be safe than sorry with no back up of countless hours of data. ( Yes I had
> to do this long years ago :-)
But Zero Access trojan does not affect the BIOS:
https://www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists