• Home
  • News
  • Hackers Create Malware That Can Only Be Stopped With A Hammer

Hackers Create Malware That Can Only Be Stopped With A Hammer

If you think that I'm talking figuratively and The Hammer is some kind of new ingenious method of removing malware from computers, you are wrong. The image to the left "speaks" eloquently about what a person would need to do if he/she gets infected with this new kind of super-malware which the Kaspersky team recently discovered. According to the security company, the group behind this is the most advanced in the world and is years ahead of the technology created by any anti-virus maker.

It seems that a group called the Equation has managed to create the most intelligent malware that we have ever seen and used it to target the military, telecommunications, embassies, governments and research institutions of countries like Russia, Iran, China, India, Pakistan, and Afghanistan. What's extremely interesting is that this type of malware is very similar to the techniques described by a leaked document from 2013 about the Internet spying capabilities of the NSA. However, Kaspersky didn't go as far as naming the American Security Agency as the culprit, and instead named a cyber group called Equation as the one behind these attacks.

This malware affects the firmware of hard-drives (the part that makes the connection between software and hardware) by creating hidden sectors which can only be accessed via a secret APIs. Once it nests in the HDD, the malware can no longer be removed as the hidden sectors will remain even after formatting and reinstalling the OS. According to the security researchers, this kind of programming requires special low-level coding instructions which aren't publicly available as each manufacturer runs them in its own closed circuit. Getting your hands on specific ATA codes from a single manufacturer would be very difficult and quite costly, but getting this information from a wide array of companies was believed to be almost impossible.

Kasperky's report goes on to give a lot more details about the malware and connects it to previous actions carried out by the NSA or the US in general. You can read it in its entirety by visiting this link.

Comments