Some not so breaking news on Greyfish - firmware malware

Discussion in 'Windows - Virus and spyware problems' started by Mez, Aug 18, 2015.

  1. Mez (Active member)
    I just came across this. While most publications were vague on which drives are vulnerable, it is all major brands. One thing to note: in the pdf on page 22 it mentions MBR substitution. I have had a very bad experience with MBR substitution. When you remove the virus, the MBR becomes unreadable. If you are dealing with a rootkit, you might want to back up to optical disk(s) any data you can't part with. If you have too much, just take it offline and leave it in isolation (no USBs or external drives)! All external drives and USBs should be suspect, as well as your other computers. Otherwise you may risk the loss of all the disks you have in the computer as well as any external drives, which are likely just as infected. I haven't tried to fix a computer with a possible rootkit since I lost 12 TB of data. I was lucky enough to recover the first batch of drives. In my second bout, of 1 drive, the data was lost for good. The malware was improved from the last attack; I doubt that my old trick will ever work again. I have 13 TB of data now that I do not want to part with.

    Lastly, both articles state this group only goes after high profile types. I am not high profile, and I have 'seen' other victims' comments in forums etc. and they didn't appear high profile either. Maybe other hackers are using a similar product, but my infected computers have all the earmarks of Greyfish that I can find. I don't have a vast array of tools. I would pay attention if I were you.

    http://www.dailykos.com/story/2015/...Hacking-of-Virtually-All-Hard-Drive-Firmware#

    The PDF
    https://www.cs.bu.edu/~goldbe/teaching/HW55815/presos/eqngroup.pdf