No word if this new tool will find -official- CIA rootkits. However, if those heinous Russian hackers have invaded your PC, you are all set.
The Advanced Threat team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell.
The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binaries inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.
If the tool finds any binaries that don't match the clean EFI list, it's possible that the firmware has been infected. The rogue files are listed and can then be further analyzed.
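The whitelist comparison described above, sketched as an added example (this is not CHIPSEC's code and not from the original post). It assumes the EFI binaries have already been extracted into directories, matches on SHA-256 digest rather than file name, and uses constructed sample files; all function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hex SHA-256 digest of one extracted binary."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_whitelist(clean_dir):
    """Map digest -> relative path for every binary from the vendor's clean image."""
    clean_dir = Path(clean_dir)
    return {sha256_file(p): str(p.relative_to(clean_dir))
            for p in sorted(clean_dir.rglob("*")) if p.is_file()}


def find_unlisted(whitelist, current_dir):
    """Return (relative path, digest) for each binary whose digest is not whitelisted.

    Matching on content means a modified binary that keeps its original
    name is still reported, and so is a binary the clean image never had.
    """
    current_dir = Path(current_dir)
    unlisted = []
    for p in sorted(current_dir.rglob("*")):
        if p.is_file():
            digest = sha256_file(p)
            if digest not in whitelist:
                unlisted.append((str(p.relative_to(current_dir)), digest))
    return unlisted


def demo():
    """Run the comparison on constructed sample data (not real firmware)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, current = Path(tmp, "clean"), Path(tmp, "current")
        clean.mkdir()
        current.mkdir()
        (clean / "DxeCore.efi").write_bytes(b"MZ constructed DxeCore")
        (clean / "Setup.efi").write_bytes(b"MZ constructed Setup")
        (current / "DxeCore.efi").write_bytes(b"MZ constructed DxeCore")
        (current / "Setup.efi").write_bytes(b"MZ constructed Setup, altered")
        (current / "Extra.efi").write_bytes(b"MZ constructed unknown module")
        return [name for name, _ in find_unlisted(build_whitelist(clean), current)]


if __name__ == "__main__":
    for name in demo():
        print("not in whitelist:", name)
```

A binary reported here is only a candidate for further analysis: a legitimate firmware update from the manufacturer also changes digests, so the whitelist has to be built from the clean image of the same firmware version.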
Saturday, March 11, 2017
Intel releases rootkit finder.
Intel has released a new piece of software that allows a user to see if the firmware of their PC is compromised by a rootkit.
The Phantom