Coderman's taobios-v2.tar.bz2

Where is Coderman? DondeEsCoderman at protonmail.com
Mon Dec 31 13:11:27 PST 2018


Greetings, Cypherpunks!

A while back Coderman posted:
“Fwd: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program

it should be noted that BIOS exports contain device identifiers, like
HDD serials and so forth...

---------- Forwarded message ----------
On 11/21/15, Flipchan <flipchan at riseup.net> wrote:
> I would like to help in anyway i can , i'm currently developing an anti
> virus and auditing multi platform program , So if u can find out/copy all
> the viruses the nsa have given You and send it i would love to help on
> detecting and protecting ppl from it :)

you say "find out, copy all" like it's so easy, *grin*

here's some fun for you:
https://peertech.org/files/taobios-v2.tar.bz2
$ sha256sum taobios-v2.tar.bz2
0ba12b0ecf89d109301b619cbc8275e5cd78b6fefd3724fba0b6952186e37779

interesting details in both samples!
( L2 is config only PDoS via UEFI BIOS :)
”
https://lists.cpunks.org/pipermail/cypherpunks/2015-December/011197.html

This appears to reference a BIOS recovery exploit to launch malware in SMM. I am trying to find a copy of this malware directly, not just the virustotal reports. The peertech.org domain appears to be taken over.

Checking for old versions in archive.org does not yield a result -
https://web.archive.org/web/20160630/peertech.org/files/taobios-v2.tar.bz2.
After seeing the CCC Camp presentation on Sednit UEFI malware -
https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled
- I am reminded of this.

Does anyone have it?