Hi all,
This may be a little off topic but it might be illuminating
if you have not seen it before.
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
best wishes
Tony White
On 24/12/2015 12:08, Russell Coker via luv-main wrote:
> On Thu, 24 Dec 2015 01:26:53 AM Douglas Ray via luv-main wrote:
>> We have a PC with firmware malware on - at least - both DVDs.
>
> Do you have a reference for DVD firmware malware?
>
>> I don't know if it's worth recovering the system, but I definitely
>> want to find diagnostics for identifying infections and vectors
>> on the rest of the LAN.
>> Booting a DVD live-image of Ubuntu, invocations of
>> firefox are intercepted and come up as "JON recovery system"
>> or some such. The attack vector may have been the old XP
>> system on the hard drive, but equally it may have been one
>> of the Ubuntu images.
>
> A Google search on "JON recovery system" gives results about corrupted routers
> from D-Link. Apparently if your firmware is corrupted in such a router it will
> give you a "JON recovery system" web page to allow you to fix things.
>
> Why would someone go to the immense effort of creating malware that can either
> intercept filesystem access to give a different version of the application files
> or modify the OS kernel to change the application in memory and then do
> something obvious like give a bogus web site?
>
> Are you sure your D-Link router isn't broken?