Greetings Cypherpunks!

A while back Coderman posted:

“Fwd: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program

it should be noted that BIOS exports contain device identifiers, like HDD serials and so forth...

---------- Forwarded message ----------
On 11/21/15, Flipchan <flipchan@riseup.net> wrote:
> I would like to help in any way I can, I'm currently developing an anti
> virus and auditing multi platform program, so if u can find out/copy all
> the viruses the NSA have given you and send it I would love to help on
> detecting and protecting ppl from it :)

you say "find out, copy all" like it's so easy, *grin*

here's some fun for you:
https://peertech.org/files/taobios-v2.tar.bz2

$ sha256sum taobios-v2.tar.bz2
0ba12b0ecf89d109301b619cbc8275e5cd78b6fefd3724fba0b6952186e37779

interesting details in both samples!
( L2 is config only PDoS via UEFI BIOS :) ”

https://lists.cpunks.org/pipermail/cypherpunks/2015-December/011197.html

This appears to reference a BIOS recovery exploit used to launch malware in SMM. I am trying to find a copy of this malware directly, not just the VirusTotal reports. The peertech.org domain appears to have been taken over. Checking for old versions on archive.org does not yield a result: https://web.archive.org/web/20160630/peertech.org/files/taobios-v2.tar.bz2. After seeing the CCC Camp presentation on the Sednit UEFI malware (https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled) I am reminded of this. Does anyone have it?
virus and auditing multi platform program , So if u can find out/copy all
the viruses the nsa have given You and send it i would love to help on
detecting and protecting ppl from it :) you say "find out, copy all" like it's so easy, *grin* here's some fun for you: https://peertech.org/files/taobios-v2.tar.bz2 $ sha256sum taobios-v2.tar.bz2 0ba12b0ecf89d109301b619cbc8275e5cd78b6fefd3724fba0b6952186e37779 interesting details in both samples! ( L2 is config only PDoS via UEFI BIOS :) ” https://lists.cpunks.org/pipermail/cypherpunks/2015-December/011197.html This appears to reference BIOS recovery exploit to launch malware in SMM. I am trying to find a copy of this malware directly, not just the virustotal reports. The peertech.org domain appears to be taken over. Checking for old versions in archive.org does not yeild result - https://web.archive.org/web/20160630/peertech.org/files/taobios-v2.tar.bz2. After seeing CCC Camp presentation on Sednit UEFI malware - https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled - I am reminded of this. Does anyone has it?