{"id":306588,"date":"2024-12-01T00:02:39","date_gmt":"2024-11-30T23:02:39","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=306588"},"modified":"2024-12-02T16:00:11","modified_gmt":"2024-12-02T15:00:11","slug":"bootkitty-erstes-linux-uefi-boot-kit","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2024\/12\/01\/bootkitty-erstes-linux-uefi-boot-kit\/","title":{"rendered":"Bootkitty: First Linux UEFI Bootkit"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"margin: 0px 10px 0px 0px; display: inline; float: left;\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/11\/Linux.jpg\" width=\"64\" height=\"76\" align=\"left\" \/>[<a href=\"https:\/\/borncity.com\/win\/2024\/12\/01\/bootkitty-first-linux-uefi-bootkit\/\" target=\"_blank\" rel=\"noopener\">English<\/a>]ESET Research has come across the first Linux UEFI bootkit and named it Bootkitty. This Linux UEFI bootkit was uploaded to VirusTotal in early November 2024, which is how it caught the security researchers' attention. <strong>Addendum:<\/strong> It turned out to be a student project.<\/p>\n<p><!--more--><\/p>\n<p>For Windows, UEFI bootkits that have lodged themselves in the UEFI firmware and are active as soon as the system starts have been known for quite some time. But now there is \"Bootkitty\", the Linux UEFI bootkit.<\/p>\n<p><a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/bootkitty-analyzing-first-uefi-bootkit-linux\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/tJ6w78z2\/image.png\" alt=\"Linux UEFI bootkit\" width=\"597\" height=\"380\" \/><\/a><\/p>\n<p>The Linux UEFI bootkit disables kernel signature verification and preloads two ELF files that were still unknown to the ESET security researchers during their initial analysis, as they write in the tweet above. 
Details of this discovery can be found in the blog post\u00a0<a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/bootkitty-analyzing-first-uefi-bootkit-linux\/\" target=\"_blank\" rel=\"noopener\">Bootkitty: Analyzing the first UEFI bootkit for Linux<\/a>.<\/p>\n<p><strong>Addendum:<\/strong> It turned out to be a student project. On December 2, 2024, ESET Research posted the following on<a href=\"https:\/\/x.com\/ESETresearch\/status\/1863584623164276873\" target=\"_blank\" rel=\"noopener\"> X<\/a>:<\/p>\n<blockquote>\n<p>UPDATE: #ESETresearch was contacted by one of the possible authors of the Bootkitty bootkit, claiming the bootkit is part of a project created by cybersecurity students participating in Korea's Best of the Best (BoB) training program. 1\/2<\/p>\n<p>This supports our belief that it was an initial proof of concept rather than malware used by real threat actors. Nonetheless, the blog post remains accurate \u2014 it is a functional bootkit and the first publicly known UEFI bootkit for Linux. 2\/2<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>[English]ESET Research has come across the first Linux UEFI bootkit and named it Bootkitty. This Linux UEFI bootkit was uploaded to VirusTotal in early November 2024, which is how it caught the security researchers' attention. Addendum: It turned out that it &hellip; <a href=\"https:\/\/borncity.com\/blog\/2024\/12\/01\/bootkitty-erstes-linux-uefi-boot-kit\/\">Read more <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[95,426],"tags":[4305,4328],"class_list":["post-306588","post","type-post","status-publish","format-standard","hentry","category-linux","category-sicherheit","tag-linux","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/306588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=306588"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/306588\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=306588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=306588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=306588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/
{rel}","templated":true}]}}