One of the NSA’s known snooping tactics is installing malware into a hard drive’s firmware, which makes removing the malware nearly impossible; it even survives formatting of the drive.
Nemesis is malware that can be used for similar purposes: according to FireEye, it evades clean-up software and even survives a complete reinstall of Windows by hiding in the boot records.
What’s the malware about?
Nemesis is dangerous malware designed to carry out multiple functions, such as transferring files, injecting processes, and capturing screenshots and keystrokes. It can also steal financial data from a system, bypassing banking systems and transferring all of the financial data to its developers.
What makes it lethal is that it is very difficult for any detection program to spot. Because the malware hides in the boot records, it stays invisible to security software; even a virus check at start-up is bypassed this way.
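The defender-side counterpart to "hiding in the boot records" is an integrity baseline of the boot code itself. The Python below is an added example, not code from FireEye or from the article: it parses a 512-byte MBR, hashes the boot-code region, and compares it with a hash recorded while the machine was known clean; the sample MBR and its byte values are constructed here, not taken from any real disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439: the boot loader code a bootkit overwrites
PART_TABLE_OFF = 446          # four 16-byte partition entries after the disk signature
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of every valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused entry
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": parts}

def check_boot_record(sector: bytes, baseline_sha256: str) -> list:
    """Compare boot code with a hash recorded on a clean system; [] means no finding."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample, not a real disk image: one active type-0x07 partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44\x00\x00"  # constructed disk signature + padding
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
    entry += struct.pack("<II", 2048, 204800)  # start LBA, sector count
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE

# Baseline taken when the machine is known clean; later reads are compared to it.
CLEAN_MBR = build_sample_mbr(b"\xEB\x63\x90")       # stand-in for real boot code
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
TAMPERED_MBR = b"\xEB\x1F\x90" + CLEAN_MBR[3:]      # altered jump target, as a hook would leave
```

On a live system the sector would be read from the raw device (for example /dev/sda on Linux) with administrative rights, and because an infected OS can misreport what is on disk, imaging the drive offline gives the trustworthy reading; the same hashing applies to each partition's volume boot record.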
How to avoid it?
So, what should users do if they are infected with this malware? According to the FireEye research team, if this ever happens, the user will need to replace the hard drive altogether; otherwise there is no chance with normal detection systems, and the malware will remain no matter what you do.
But this may not be feasible for big businesses or enterprises that run a single hard drive in each of many computers, where replacement could be truly daunting: it would take time to back up all the data on the systems and then start fresh.
Modern operating systems secured
Modern operating systems like Windows 8 and 10, though, might not be affected by this malware, as they use Secure Boot, which prevents the bootkit from replacing the Windows boot loader.
Bootkits usually target enterprise and financial systems, which are often not up to date and have an older operating system in place. So there is a need for updated financial and enterprise systems; otherwise they could face the worst.
In August this year, a security researcher created a proof-of-concept attack for Macs that covertly replaced the firmware that boots most modern OS X machines. (Apple has fixed the flaw.)
Source: FireEye, https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html