Extremely sophisticated firmware malware (boot kits etc)

I understand that most of this will seem ridiculous, unlikely, or downright impossible but I have been infected with unbelievably sophisticated malware with the following qualities:


- Affects all my systems regardless of platform (Windows, Linux, Mac PCs AND Android phones)

- Persists even after physical replacement of HDD/SSD and BIOS flash with manufacturer's website files/instructions

- Persists after factory reset in the case of Android phones

- Infects USB drives, and uses them to transfer data/malware circumventing my attempts to clean systems and recover data from 'air gapped' systems

- Infects and/or corrupts firmware in optical drives (USB, SATA, and IDE!) resulting in odd behavior or causing them to completely stop functioning

- Infected Android device (not rooted) can infect all computers/phones on a shared wifi network

- Makes everyone you know think you're crazy because these things simply aren't possible and I wouldn't believe it myself if I didn't experience it first hand


I would absolutely love to share samples, SPI dumps, and even potentially hardware samples if I can get anyone with the necessary expertise to help me make it happen and get to the bottom of it. Do you guys have any contacts or suggestions? I am reaching out to ESET specifically as a result of blackhat presentations regarding firmware exploits and vulnerability research. 


Thanks, Bob

  • Administrators

Since you have posted in the quick questions forum, I can only ask you what makes you think that your systems were compromised and that your organization is the target of a possibly sophisticated APT attack. Do you work for an institution that is interesting for attackers and worth spending a lot of money to get compromised?


Hi Marcos,


Thanks for your reply. When my system was 'initially' compromised, it was very obvious because someone or something was controlling my computer: scripts/command prompt boxes began popping up, etc. I work for a private technology startup, and we have been developing a project with intent to go to market. I cannot go into specifics around the project due to NDA, but if I had the right contact I'm sure we could arrange more detailed discussions.


This has affected my entire family as well, so 'nuke from orbit' is simply not an option due to the sheer number of devices compromised. I am not familiar with SPI programming but I am now aware it is the only solution for the affected PC systems. I have already purchased the necessary hardware (SPI programmer, JTAG, etc) and I am experienced in soldering and some programming. Android systems require flashing as well and I have experience in this but not sure I am willing to risk plugging them into a clean machine even in download mode. 


This has cost me thousands and thousands of dollars personally and set my organization back several months at least. I know getting in contact with the right security researcher would be mutually beneficial, but the combination of NDA, unbelievable claims, and no clean devices/networks hasn't done me any favors. Please advise.


Thanks, Bob

