Wednesday, December 30, 2015

Tuesday, December 29, 2015

Nemesis Bootkit Malware: the new stealthy payment card malware.

After reading many articles, this is the information I gathered about the Nemesis Bootkit malware:
 - suspected to originate from Russia;
 - infects PCs by loading before Windows starts;
 - has the ability to modify the legitimate volume boot record;
 - seems similar to another Windows rootkit named Alureon;
 - intercepts several system interrupts during the boot process;
 - can steal payment data from anyone, not just financial institutions and retailers;
 - hides between partitions and is almost impossible to remove.

This makes me wonder whether antivirus and internet security solutions can deal with this type of issue.

Take a look at how fast the disk scan works, how the memory traps work, how the boot process works, or maybe try to see how SELinux works.
In my opinion these antivirus and internet security solutions are simply not effective in their design and heuristic detection.
On top of that, the price of this software is huge for something that does almost nothing at all.

Maybe in the future we will see a mega malware which jumps from the first boot into any operating system, because the hardware is becoming more complex and faster.

Thursday, December 24, 2015

How to fix the Grub2 bootloader flaw.

According to researchers Ismael Ripoll and Hector Marco, who wrote this article:

A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Just hit the backspace key 28 times at the Grub username prompt during power-up.
This opens a Grub rescue shell, which allows unauthenticated access to the computer and the ability to load another environment.
Grub versions 1.98 to 2.02 are affected and suffer from an integer overflow problem.
The root of the fault lies within two functions: the grub_password_get() function and the grub_password_get() script.
To fix it, use this patch.
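The unsigned wrap-around behind the backspace flaw, shown as an added illustration written for this post (it is not GRUB's own source and not the upstream patch): a small model of a console line reader whose cursor is an unsigned counter, in the vulnerable form and in the hardened form. The function names, the 64-byte buffer and the key stream are constructed; the out-of-bounds write the real bug leads to is replaced by a bounds check so the model runs safely, and the wrapped cursor value it returns is what shows the problem.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed key stream: '\b' is backspace, '\n' is Enter, anything
 * else is a printable character appended to the line. */
#define BACKSPACE_28 "\b\b\b\b\b\b\b" "\b\b\b\b\b\b\b" "\b\b\b\b\b\b\b" "\b\b\b\b\b\b\b"

/* Vulnerable pattern: an unsigned cursor decremented on backspace with no
 * check. On an empty line the first backspace wraps cur_len to UINT_MAX;
 * after 28 presses it is UINT_MAX - 27. Real code would then write the
 * terminator to buf[cur_len], far outside the buffer. This model guards
 * that write so it stays runnable and returns the wrapped cursor instead. */
unsigned read_line_unchecked(const char *keys, char buf[], unsigned buf_size)
{
    unsigned cur_len = 0;
    for (; *keys && *keys != '\n'; keys++) {
        if (*keys == '\b') { cur_len--; continue; }          /* underflows at 0 */
        if (cur_len < buf_size - 1) buf[cur_len++] = *keys;  /* false once wrapped */
    }
    if (cur_len < buf_size) buf[cur_len] = '\0';             /* guard for the model only */
    return cur_len;
}

/* Hardened pattern: only move the cursor back when there is a character
 * to delete, so cur_len can never drop below zero. */
unsigned read_line_checked(const char *keys, char buf[], unsigned buf_size)
{
    unsigned cur_len = 0;
    for (; *keys && *keys != '\n'; keys++) {
        if (*keys == '\b') { if (cur_len > 0) cur_len--; continue; }
        if (cur_len < buf_size - 1) buf[cur_len++] = *keys;
    }
    buf[cur_len] = '\0';
    return cur_len;
}

int main(void)
{
    char buf[64];
    printf("unchecked, 28 backspaces: cur_len = %u\n",
           read_line_unchecked(BACKSPACE_28 "\n", buf, sizeof buf));
    printf("checked,   28 backspaces: cur_len = %u\n",
           read_line_checked(BACKSPACE_28 "\n", buf, sizeof buf));
    return 0;
}
```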