Hacking Team spyware rootkit: Even a new HARD DRIVE wouldn't get rid of it

http://www.theregister.co.uk/2015/07/14/hacking_team_stealth_rootkit/

Hacking Team RCS spyware came pre-loaded with an UEFI (‬Unified Extensible Firmware Interface) ‪BIOS rootkit to hide itself on infected systems, it has emerged following the recent hacking of the controversial surveillance firm.‬

The stealth infection tactic, which has been revealed through leaked emails arising from last week's hack, meant that the Remote Control System (RCS) agent stayed on compromised machines even if users formatted their drives - or even swapped disks. Although designed primarily for the Insyde BIOS (a popular laptop BIOS) it might also work on AMI BIOS as well, according to security firm Trend Micro.

A PowerPoint from the leaked Hacking Team emails implies that initial infection seems to require physical access to targeted systems. Other techniques may be possible, according to Trend Micro, based on a preliminary analysis of the leaked presentation as well as an examination of a help tool for the users of ‪Hacking Team‬'s BIOS rootkit and other leaked data.

"A Hacking Team slideshow presentation claims that successful infection requires physical access to the target system; however, we can’t rule out the possibility of remote installation," writes Philippe Lin, a senior engineer at Trend Micro. "An example attack scenario would be: The intruder gets access to the target computer, reboots into UEFI shell, dumps the BIOS, installs the BIOS rootkit, re-flashes the BIOS, and then reboots the target system."


More at link