Comments on: Absolute Computrance Rootkit (http://www.terminally-incoherent.com/blog/2012/06/05/absolute-computrance-rootkit/)

By: Mike Welsh, Thu, 07 Feb 2013 22:02:36 +0000

I don’t run a Windows system on my ASUS netbook. I run Linux/Ubuntu. Does that mean that my netbook will not be affected?

By: Dan, Mon, 18 Jun 2012 19:03:33 +0000

http://it.slashdot.org/story/09/07/31/1337202/bios-rootkit-preloaded-in-60-of-new-laptops

Well this is old news but it is still happening now with many new variants and I am still stunned by the lack of people who know about this threat and some of the hardware rootkits.

Hopefully this gets more attention. Maybe the nature of the threat makes people feel overwhelmed. I am not sure. I wish there was more discussion.

By: dan, Thu, 07 Jun 2012 19:12:39 +0000

@ Morghan:

It is really hard to believe. The vPro chip also has a hardware rootkit built into it. If you guys could look into the patents and such on that technology, maybe we can shed light on exactly what all these new technologies are meant to do. Anti-theft tech should be a legitimate consumer option, not a baked-in FORCED “feature.” This is a huge privacy issue. I found no response from the ACLU and EFF, and I think there should have been. My two cents.

By: dan, Thu, 07 Jun 2012 19:10:17 +0000

@ Alphast:

You got that information from the patent? Please post that here.

By: Luke Maciak, Wed, 06 Jun 2012 14:47:58 +0000

@ Dan:

Thanks. I’ll see if I can contribute some stuff to it if I get a chance.

@ Morghan:

Well, yes and no. There should be a legit way to disable it so that the owners could prevent tracking/spying if they wanted to. A criminal could use that feature too, but the logic is that a dude who burglarizes your house or your car is probably not going to bother to do that. But yeah… It could be that they don’t provide an actual off switch for legit customers.

@ Mike:

Good point. Maybe we could link up actual products and/or rulesets that do this on the wiki.

@ Alphast:

Well, we’re getting into spy movie territory here, but this is technically a possibility. I bet that’s not what they are doing though. It’s probably wiser to instead develop a state-sponsored malware that exploits the Computrace rootkit and uses it to mask its activity. The Stuxnet hoopla proved that this is perfectly doable, and deniable because it’s indirect.

By: Alphast, Wed, 06 Jun 2012 13:13:12 +0000

I am also interested in one issue there: Lenovo is a Chinese company and most PCs are made in China. Software companies are usually US based. Does that mean that this rootkit (which has been specifically designed to allow gov agencies to look into PCs, according to the patent) allows the US or the Chinese government to control our laptops? I know it sounds paranoid, but we are talking about cameras, keyboard recording and so on…

By: Mike, Tue, 05 Jun 2012 21:50:48 +0000

Note that while certainly not a panacea, open rulesets (VRT, ET) for IDS like Snort and Suricata have had matchers to detect this crapware (among a gazillion others) since 2011, in exactly the same way Dan did: by looking at the traffic.
Could be a better general suggestion than digging through pcap dumps with your own eyeballs.

By: Dan, Tue, 05 Jun 2012 16:49:05 +0000

http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Deactivate_the_Rootkit

Another interesting link on this issue.

By: Morghan, Tue, 05 Jun 2012 15:51:42 +0000

I have an HP DV6 and was looking into a Panasonic CF31; both are on the list. I’m sure that killing it in the BIOS, which I did on day one with the HP, won’t keep it from being triggered. If that worked, it wouldn’t do you much good for the official purpose.

By: Dan, Tue, 05 Jun 2012 15:45:48 +0000

Looks like it is already exploitable.

Please see my wiki, where I added some of the many links that explain how the security group CORE exploited it already.

http://computracerootkit.wikia.com

Look under the “links” page for more info.

It might be old news but many machines are still affected.

Beyond this if you are using Intel® vPro™ Technology at all you have what is known as a hardware rootkit, which is impossible to uninstall without damaging the machine.

Spread the word!
