This week’s Risky Business security podcast looks at firmware root kits with John Heasman from the US arm of NGS Software. Download it here:
As you can imagine, those sorts of root kits can be very difficult to detect and remove.
But it gets worse.
Newer research, due to be presented at BlackHat in Las Vegas, will show how the CPU on some PCI devices (like the chip on network devices designed to do TCP checksum calculations) can actually be used to run the root kits.
That means they never gets loaded into main memory. Try detecting that!