If TDL-4 botnets are dead, then what type of botnets are in use today; I would only assume that the botnets used today (2017) are a lot more severe and even more stealthy.
I have talked to a few people that have heard of badusb and they say its the worst thing that can happen to you. Tech experts that have heard of badusb won't even touch your PC or attempt recovery on any of USB storage devices if you tell them that you are infected with badusb because they don't want to infect all their devices. You mentioned that infecting firmware would be difficult because its vender specific; Couldn't a hacker use badusb as a way to infect your BIOS and other PC components. A hacker can discover what OS your using, what motherboard and BIOS version you are using and slowly discover what other hardware you are using. The hacker then can use a series of zero day exploits specific to each vender and infect all your PC components; granted it would take some time, but it would be possible and could be pulled off. My main concern about badusb is the ability to infect the actual USB port on your motherboard or case; Every device you plug in via usb can and will get infected. If you plug your phone or tablet into the PC, a hacker could infect and exploit the device you connected via usb. It would take longer to infect an Iphone or Ipad, but It could be done. Most people have never heard of Juice Jacking and it is becoming more of a problem; Your home computer or laptop can be used as a juice jacking device, but it gets even worse. When you take that same infected device and plug it in, lets say your USB wall charger, your car, or a smart charging hub; The phone or tablet will act as as a deployment platform and will infect any USB device that you plug your phone or tablet into (reverse juice jacking). I suspect that most people will become compromised and remain compromised permanently.
https://m.youtube.com/watch?v=LvpVs8bM0_sWhat is a hypervisor rootkit and what makes it worse then a firmware rootkit. I read that hypervisor rootkit comes under both firmware and hardware rootkits.
http://www.rootkitanalytics.com/firmware/hypervisor.phpWhat type of malware do you think I had. The malware allowed other hackers to connect to my PC. If I wiped my drive clean using zero fill, my PC would appear clean with with no traces of malware, but if I connected online, the malware would call home and download the rest of the malware. After reinstalling my OS 6 times, the malware didn't need to call home anymore. The scary part was, hackers could connect to my PC even if my PC had no Internet connection at all. I had a tech look at it and he fixed part of it, hackers would no longer could connect to my PC. I called the Tech and told and told him that the Malware was still present and I suspected the GPU was still infected. He told me that what I was describing was impossible. I came to this conclusion because its the only logical explanation I could come up with; It would be impossible to store 1-2 GB of malware in the MBR or BIOS. It was like the GPU was running its own OS system (PC was running in the Matrix). I removed the Video card, did another zero fill on the drive and it was pretty much back to normal, no traces of the malware. The DLL injections went away, no more KDOM DLL or other suspicious files being injected when I entered safe mode. I still experienced alternate data streams and redirects. I then tried removing one of the Logitech unifying receivers and everything went back to normal.
If black hackers can exploit these vulnerabilities, then what makes you think that the NSA/CIA or another foreign government with unlimited funding can't. These types of rootkits are not in the wild, but that doesn't mean they don't exist; It only means that a select few may have been targeted.
Show Posts
