Dennis Fisher talks with researcher Dragos Ruiu about his years-long struggle with a group of attackers who have infiltrated his network and are using malware that seems to resist all removal attempts and may have the ability to communicate using sound.

Download: digital_underground_132.mp3

*Dragos image via Gohsuke Takama‘s Flickr photostream, Creative Commons

Categories: Malware, Podcasts

Comments (15)

  1. Effectix
    1

    This is very interesting… Doesn’t this thing need to establish a protocol on the uninfected computer in order to be able to transmit via sound/mic?

    Unless there is an underlying protocol to be able to translate this sound on the other device… I don’t understand how this could travel from one system to the other if the computers aren’t equipped to understand that method of data transfer… if this is between infected computers, I can dig it, as the malware itself could have the protocol directives embedded into it…

    • HackDefendr
      3

      Really? A moron…? Do you even know who Dragos is? Probably not. You are probably one of those people that fixed your mom’s computer and she called you a genius and that went to your head.

    • Laurie Chmiel
      4

      This guy is no moron. He’s well respected in the field.

      There are reasons he would be targeted, and you aren’t.

  2. Nak Slim
    6

    You let this guy drone on asking no relevant questions.

    Where are the samples?

    Where are the forensics dumps?

    What are the hashes?

  3. snort
    9

    Is this
    https://forums.comodo.com/general-security-questions-and-comments/is-this-real-or-bogus-and-paranoia-gpubasedparavirtualizationrootkit-t93778.0.html

    http://forum.sysinternals.com/gpu-based-paravirtualization-rootkit-all-os-vulne_topic26706.html

    the same thing?

    What if Dragos is looking in the wrong place?

    What if he got a variant of this paravirtualization malware? If you looked at both malware samples
    it could be plausible???

    Anyway, in the end this is no work of a kid.
    Who could be behind such a strange attack? NSA?

    BTW the virtualization rootkit exists, “Blue Pill”
    for example.

    • Backdoor
      10

      “Anyway, in the end this is no work of a kid.
      Who could be behind such a strange attack? NSA?”

      Strange? Seems to be perfect for corporate espionage.

  4. Joseph L. Jackson
    11

    The guy is not a moron. He’s a crackpot. The morons are the ones who took his paranoid raving seriously for more than the half-a-second necessary to ascertain them as such.

    A three-year failure and he’s “well-respected?” Please. If that’s true then it says less about Ruiu and more about those who are too free in dispensing their “respect.”

  5. mikull
    13

    Share the pcaps, you muppet. Just BS. Not captured the downloads? What the hell… what were you doing for 3 years? Just looking? This is TOTAL BS… waste of time, trying to make a mark in the industry like this, FAIL.

  6. Adam Hawk
    14

    Interesting how guys that can barely run existing tools are judging a person who actually discovered many of the concepts upon which the tools were built.
    How do you run pcap on a stack that is not showing up on your OS? You can try to decode the low-speed audio stream, but good luck with that.
    With the 3Com NIC BIOS hack, you had to parasite the cable via a port on a switch in order to detect the MIM; there was no way to do it on the computer itself. And that was 22 years ago.

  7. sdfsdfs
    15

    pcap only detects protocols based on what the pcap library has. It is absolutely a decoy. You need to use a special MS-DOS application from Atmel or Intel to detect your memory state….

    I only use my smartphone with an earphone while detecting; there is a microphone jack to send a “broadcast” digital-like signal… yeah, the one like constant Morse code, sounding like it’s telling “here I am … I am listening….. my port is open….”

    But this sounds like state-level tech, so I let them play…

