Test of BIOS Spyware

14 Oct 2003

      We received the note below about spyware allegedly created for
a Maryland agency with code which needs to be tested.
We'd appreciate feedback on the note and the code. Beware
of a sting. The code:

  http://cryptome.org/ExpCode.ASM

-----

The note:

CPR Tools Inc. of Labelle, Florida is engaged in the
development of software which becomes part of the
firmware BIOS of a PC motherboard and takes control of
a users PC before the operating system is loaded. This
enables the software to spy on the user and remain
hidden to the operating system. The software is
designed to be installed from a floppy disk which
modifies the original BIOS, replacing it with the
modified BIOS containing the "spyware" The software
was developed for a government agency in Maryland.

Versions of the software for a ASUS P4B266 motherboard
and an IBM Netvista 8311 motherboard have been
developed with other versions under development.

Attached is a copy of the software, ExpCode.ASM, the
version for the P4B266 motherboard. The .ASM file is
assembled and converted into a .BIN file which is then
pasted over a section of the  original BIOS .BIN
file. The checksum at the end of the BIOS is
subsequently adjusted to make the BIOS checksum valid.

Details:

CPR Tools [http://www.cpr-tools.com]
730 East Cowboy Way
Labelle, FL 33935
(863) 674-0120

Owners:
Antonio Jesus Alvarez		tony@netwacci.net
Candy Michelle Alvarez

-----

John Young

Ralf-P. Weinmann

Ralf-P. Weinmann

tags

participants (2)