ClamWin Free Antivirus
Support and Discussion Forums
Every computer hackable by RF? (radio frequency) and other Q
iamawake


Joined: 22 Dec 2009
Posts: 0
Subject: Every computer hackable by Radio Freq?
- a global conspiracy?

* Is ClamWin developed to scan for the following threats? This subject VANISHES without a trace when posted on commercial anti-virus discussion forums. Let's see how the ClamWin developers treat the subject matter. This is an HONEST inquiry, one which many vendors REFUSE to answer or AVOID.

This lady claims to have found some strange things on her Windows PCs and Linux!

Subversionhack Archive
https://tagmeme.com/subhack/

So, with modern blackboxed hardware components, are all of our PCs hackable via radio frequency / ham packet radio type of blackbox voodoo?

Dig deep, I've found no other site like this. Are Linux/BSD varieties vulnerable?

https://www.invisiblethings.org/code.html
https://www.invisiblethings.org/papers.html

AND

"This talk explores three possible methods that a hardware Trojan can use to leak secret information to the outside world: thermal, optical and radio.

In the thermal Trojan demo, we use an infrared camera to show how electronic components or exposed connector pins can be used to transmit illicit information thermally. In the optical Trojan demo, we use an optical-to-audio converter to show how a power-on LED can be used to transmit illicit information using signal frequencies undetectable by human eyes. Finally, in the radio Trojan demo, we use a radio receiver to show how an external connector can be used to transmit illicit information using AM radio transmission."

https://www.cvorg.ece.udel.edu/defcon-16/
https://www.defcon.org/html/defcon-16/dc-16-speakers.html#Kiamilev

https://bluepillproject.org/
https://subversionhack.livejournal.com/1815.html

"I sincerely believe that Blue Pill technology will (very soon) allow for creating 100% undetectable malware, which is not based on obscurity of the concept. And I already stressed this in the description of my talk here (https://syscan.org/program.html) and here (https://blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Rutkowska). The working prototype I have (and which I will be demonstrating at SyScan and Black Hat) implements the most important step towards creating such malware, namely it allows to move the underlying operating system, on the fly, into a secure virtual machine."
- https://theinvisiblethings.blogspot.com/2006/07/blue-pill-hype.html

https://rayer.ic.cz/romos/romose.htm

"The ROMOS is a stand-alone x86 code allows you to load and run your own binary code or 3rd-party code. ROMOS rely on BIOS functions only so it can be executed directly without any operating system. The main purpose of ROMOS is to be placed in a ROM, from where it can load/run other software (e.g. bootmanager, HW diagnostics, special controlling software...) during POST (Power-On Self Test) while your PC is booting up. It can also load DOS-based operating systems (may be other OSes) such as FreeDOS stored in ROM together with ROMOS. This mean that any floppy/harddisk/CD-ROM drive is not needed. It may be very useful in various embedded diskless systems. Or simply as reserve OS for rescue use. Other applications are on you."

"In Space, No One Can Hear Your Rootkits Scream" - ascii aliens
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
I find most if not all of the information you posted as irrelevant.

I could not make any sense reading the subversionhack archive (maybe it's just me but I could not see any purpose in the archive postings).

Blue pill project is a rootkit code and has nothing to do with Radio Frequency control. Whilst one may damage (not control) electronic equipment with a very strong RF signal it would have to be from a very close and powerful source - impractical in real life.

To use thermal, optical or radio methods for reading data from a computer one would have to be very close to it again and use a directional device. Therefore even if it was possible then a victim would have to be specifically targeted.

ROMOS is a nice project but is totally unrelated to malware. In order to use it one would need to use ISAROM, FlashROM or BootROM which are hardware devices and unless you consciously connect them to your computer before booting it up or allow network boot there is no ROMOS on your computer.

I have to apologise that I won't be able to spend further time following this thread.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
To do what you describe (it's unproven at present), you would need special equipment, knowledge, and access. It would be costly and time-consuming. People employing viruses generally do so for money (either writing them or using them). They already make good money doing what they are doing, and they are not going to use other techniques until they are proven money makers.

In addition, ClamAV, which furnishes the scan engine and signature database for ClamWin, is a simple antivirus program designed for Linux email scanners--nothing else. It does not even employ real-time scanning. Thanks to the ClamWin developers, it has been ported over to Windows to give its users access to a simple and free antivirus. Clam leaves the exotic detection to commercial AVs like McAfee, Symantec, Microsoft, Kaspersky, and Trend Micro. ClamWin follows suit.

Now, what I would like to see is AVs employing GPUs for unpacking! What have you got for that?

Regards,
dw2108a


Joined: 09 Mar 2009
Posts: 0
Location: Austin, TX
@ iamawake

If you are concerned about this, then go to majorgeeks and get the (free) Fortego tool All-Seeing Eye, get (free) system safety monitor from Wilders Security, and (free) AVZ from www.z-oleg.com or Kaspersky. All use very, very little ram/cpu. Now hackers will have to worry about you!

This and clam with good firewall, you're OK.

Dave
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
ATTENTION:

I do not recommend visiting the web page reference above! Malwarebytes says it is a malicious website. It may also be persistent, so restart your computer if you visit the page and then do a scan with a couple of AVs! Initially it took you to 213.174.153.60. Now it is 89.108.67.176.

Regards,
Clammy


Joined: 12 Nov 2009
Posts: 0
Location: socal
Just wrap your pc & your head in tinfoil. Works for me.
Mustafa Bhaji


Joined: 31 May 2010
Posts: 0
Location: Britain
Re: GuitarBob, Tue Dec 29, 2009, 8:38 pm

"I do not recommend visiting the web page reference above! Malwarebytes says it is a malicious website."

The web page reference above? At dw2108a, Tue Dec 29, 2009 1:08 pm? www.z-oleg.com?


31st May 2010:

Perhaps things have changed over the intervening five months.

The Web of Trust database rated this website as being safe.
https://www.mywot.com/en/scorecard/z-oleg.com

McAfee SiteAdvisor reported that: "We tested this site and didn't find any significant problems", and that z-oleg.com has links to seven "safe" sites, and one site which had not been assessed.
https://www.siteadvisor.com/sites/z-oleg.com

The Badware Website Clearinghouse reported that there were no records on file for z-oleg.com
https://stopbadware.org/home/reportsearch

The Google Safe Browsing diagnostic page for z-oleg.com declared:
- "This site is not currently listed as suspicious."
- "Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-16, and suspicious content was never found on this site within the past 90 days."
- "Over the past 90 days, z-oleg.com did not appear to function as an intermediary for the infection of any sites."
- "This site was hosted on 1 network(s) including AS39561 (AGAVA)"
https://google.com/safebrowsing/diagnostic?site=z-oleg.com

The Google Safe Browsing diagnostic page for AS39561 (AGAVA) declared:
- "Of the 6943 site(s) we tested on this network over the past 90 days, 442 site(s), including, for example, ..., served content that resulted in malicious software being downloaded and installed without user consent."
- "The last time Google tested a site on this network was on 2010-05-31, and the last time suspicious content was found was on 2010-05-31."
- "Over the past 90 days, we found 20 site(s) on this network, including, for example, ..., that appeared to function as intermediaries for the infection of 125 other site(s) including, for example,..."
- "Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 42 site(s), including, for example, ..., that infected 1064 other site(s), including, for example,..."
https://google.com/safebrowsing/diagnostic?site=AS:39561
dw2108a


Joined: 09 Mar 2009
Posts: 0
Location: Austin, TX
Rather than www.z-oleg.com, one can obtain the AVZ toolkit freely from Kaspersky AV website.

z-oleg IS a safe site and I've been going there without any problems for nearly 8 yrs. One might see Kaspersky as a safer site, but z-oleg is the Kaspersky developer of AVZ. Connecting to his site might trigger a false alarm because the z-oleg site is connected to several official Kaspersky vendor websites in order to handle the enormous number of AVZ database and program updates, which is becoming a very popular AM/BB freeware app.

Dave
I have to admit...
miklanderson2


Joined: 02 Jan 2011
Posts: 0
I was a little nervous after reading the subject line of this post. Then I read the content and realized that the OP is worried about things that are laughable at best. If someone wants your information bad enough to try to deploy RF technology, it would probably be easier for them to just steal your computer. It would definitely be cheaper...
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Keep your eye on the large AV companies: McAfee, Symantec, Trend Micro, and (maybe) AVG and Sophos. Some might say their AVs are bloated, but if something gets to be a real malware problem, they will address it.

Regards,