a bit OT: used laptops, computrace rootkit

Michael Torrie torriem at gmail.com
Sat Mar 22 21:23:43 MDT 2014


On 03/22/2014 07:44 PM, S. Dale Morrey wrote:
> Of course you can always just block absolute.com at the router level and
> get it added to pr0n filters in general.

Yes, you can block the IP addresses it sends to (if you know them all).
But you can't really filter it with a porn filter since it's https.
Some security researchers showed a few years ago how you could modify
and subvert CompuTrace's daemons to send data to arbitrary URLs.  The
big worry here is that since CompuTrace lives in the BIOS and infects
all Windows drives upon boot, a truly malicious virus could write
itself there.  Viruses or trojans writing themselves to the BIOS has
always been a concern in the past, but CompuTrace, should it be
compromised, is a nice vector guaranteed to be on the majority of laptops
sold these days.  And it has all the rootkit intelligence necessary for
a bad guy to take advantage of.


