Re: Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps

coderman coderman at gmail.com
Thu Oct 31 18:56:56 PDT 2013


On Thu, Oct 31, 2013 at 4:56 PM, Johnathan Corgan
<johnathan at corganlabs.com> wrote:
> ...
> Robert Graham has published a well-written response:
>
> http://blog.erratasec.com/2013/10/badbios-features-explained.html


those who find this incredible* need to remember that Flame/Duqu-style
attacks (they are just one instance of a family of systems and
programs) have been accelerating and improving since the mid-aughts.

the only thing i am surprised by is the lack of infection of mobile
devices; this would be a logical and expected lateral transition or
even infection vector; there is no mention (yet).



the massive stockpile of weaponized 0days, covert exfiltration, and
espionage infrastructure will come to light sooner or later.  we've
only begun to see the outline of what has been wrought with $billions
applied over years by multiple actors...



* some have confused the audio malware channel with audio as infection
vector - this is not the case. from my reading the audio communication
is occurring between infected systems, not a vector for initial
infection. (now _that_ would be a feat ;)



More information about the cypherpunks mailing list