Extracting Equation Group's malware from hard drives

Blibbet blibbet at gmail.com
Wed Feb 18 08:46:16 PST 2015


On 02/17/2015 04:56 PM, Alfie John wrote:
> Hi lists,
>
> Does anyone know of any tools to extract the Equation Group's malware
> from hard drive firmware?

FlashROM should be able to help. Does anyone know if these are BIOS-era
OptionROM-based, or UEFI-based drivers? If they are UEFI drivers, the
UEFI Dev Kit (UDK) tools can help.

> Also, are there any public registries online to report and view
> infections?

RANT: This recent event is an example of why OEMs/IHVs/IBVs need to
treat firmware more like software and not like silicon. We *NEED* SCAP
OVAL definitions, SCAP CVEs, ChangeLogs/ReadMes with feature/bug deltas.
These days, there is no excuse: CoreBoot and UEFI (TianoCore.org) are
open source projects, not the ancient monolithic BIOS codebase with
ancient OpROM blobs. All existing blobs that OEMs/IHVs release should be
signed, and have a CRL/OCSP URL for updates. There needs to be a public
registry of these BIOS OpROM blobs and UEFI binaries. We need a vendor
neutral logo that lists details about firmware, not rely on MSFT to
drive Windows OEMs to only do what MSFT wants; and we need Consumer
Reports to track this data about systems. Most importantly, OEMs need to
build systems which enable users to install their own firmware, like
users do today with OS software.

More information about the cypherpunks mailing list