Skip to main content

Pre-boot malware Nemesis targets financial systems with data theft

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
One of the more interesting revelations about the snooping tactics employed by the NSA over the past few years was that the agency had managed to install malware into hard-drive firmware in order to get around deletion during formats. While not as complicated as that, Nemesis malware uses a similar system by hiding outside the reaches of normal clean-ups, dodging even operating system reinstalls by hiding in the boot-record.

IT professionals who don’t want the malware equivalent of the Nemesis character pictured above rampaging within the systems they manage will be on guard against this possibility.

Nemesis is in actuality a collection of programs and malware that is capable of doing lots of different things. It can transfer files around, capture screenshots and keystrokes, inject processes, and even capture financial data from a system. It’s designed to hide away on banking systems and siphon off funds and financially important information for the nefarious individuals behind its injection.

And by hiding itself within the boot-record of a system, it’s able to avoid traditional detection techniques, starting up before the OS has even thought about launching defensive countermeasures.

With that in mind, preventing an infection like this is the best way to avoid its associated issues, while clearing it out after it’s taken hold is much harder. It certainly requires a different approach than usual, as the team at FireEye discussed in their recent exposé (via Ars) on the malware bootkit. Any users who believes their systems are infected with such malware will need to do a complete drive wipe to make sure it’s cleared out.

This will be a process that’s a little more well known among SSD users, as a zeroing of the drive can often improve performance — even if the drive is TRIM enabled. However, it may be more daunting for enterprises or businesses that are more used to ghosting a drive from one system to another without ever starting from scratch.

This isn’t necessarily something that those running modern operating systems need to worry about though. Windows 8 and 10 both utilize Secure Boot, which prevents a replacement of the Windows bootkit from being launched.

That’s perhaps why the bootkit targets enterprise systems and financial services, which have a history of running older operating systems. Yet another good reason to stay up to date with your operating system, as well as with drivers and anti-malware software.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to clean a mouse pad — the right way
The Glorious Model O 2 Pro mouse sitting on a desk.

Even the latest and most "exciting" mouse mats can get dirty after long-term use. So it's a good idea to clean your mouse pad now and again — it not only looks better but it's more hygienic, too.

Here's how to clean your mouse pad to get it back to near-new condition.

Read more
Intel responds to reported laptop CPU instability problems
msi gt77 titan 2023 review 19

Update: Intel has provided Digital Trends with the following statement about CPU instability affecting mobile processors:

"Intel is aware of a small number of instability reports on Intel Core 13th/14th Gen mobile processors. Based on our in-depth analysis of the reported Intel Core 13th/14th Gen desktop processor instability issues, Intel has determined that mobile products are not exposed to the same issue. The symptoms being reported on 13th/14th Gen mobile systems – including system hangs and crashes – are common symptoms stemming from a broad range of potential software and hardware issues. As always, if users are experiencing issues with their Intel-powered laptops we encourage them to reach out to the system manufacturer for further assistance."

Read more