
SoylentNews is people

posted by janrinok on Monday March 16 2015, @02:08PM   Printer-friendly
from the likely-but-not-proven dept.

All of you knew that it could only get worse:

Kaspersky malware probers have uncovered a new 'operating system-like' platform that [they claim] was developed and used by the National Security Agency (NSA) in its Equation spying arsenal. The EquationDrug or Equestre platform is used to deploy [an estimated] 116 plug-in modules to target computers that can siphon data and spy on victims. So far, only 30 modules have been identified.

"It's important to note that EquationDrug is not just a trojan, but a full espionage platform, which includes a framework for conducting cyber-espionage activities by deploying specific modules on the machines of selected victims," Kaspersky researchers say in a report.

The article goes on to explain that Kaspersky further believes that the software is part of the "NSA's campaign to infect hard disk firmware". There is considerably more detail in the article.

I think I am going to get my old manual typewriter out of the garage, get a new ribbon, use U.S. Mail instead of e-mail, and buy more ink for my fountain pens.

 
This discussion has been archived. No new comments can be posted.
  • (Score: 2) by zeigerpuppy (1298) on Tuesday March 17 2015, @01:16AM (#158678)

    I was wondering along similar lines, whether using ZFS would help.
    ZFS generally tries to get low level (block) access to the drive and it does consistency checks via checksums on blocks read and written.
    I think with ZFS it would be hard to inject data unless the software was also faulty.

  • (Score: 2) by wantkitteh (3362) on Tuesday March 17 2015, @05:28AM (#158749)

    Elsewhere in these comments, I've theorised on the infection method having to support the file system (and encryption method) of any drive it infects to make sure it'll maintain integrity after the change in reported drive geometry. ZFS won't make any difference as far as detecting the problem goes, but its advanced features would certainly make it more of an engineering challenge to implement this malware on and it's not exactly the most used FS in the world - certainly as far as desktop systems go - so I'd certainly say a system booting from ZFS would be near the bottom of the list when considering likelihood of infection at a later date. Damnit Apple, why did you have to cancel ZFS support?