Hi folks,
As our ROM analysis tools continue to improve, we find more "interesting" things. Today, we seem to have found a fourth Lenovo Rootkit variant.
Admittedly, it might not be. It might be just unfortunately named (NovoSecEngine2), but it does seem to share about 97% of the code of some of the other variants, so it looks pretty suspicious.
If you read my other blogs, you will know that two of the variants had 0 detections, and one had a single detection, and unsurprisingly, this one has 0 out of 57 detects.
Again, it's important to understand that I am not suggesting that Lenovo did anything wrong. I think they were completely innocent, and just trying to make their products more secure, and I must emphasize that there is no reason to think any of these are still in circulation, unless someone hasn't updated their firmware.
It's simply instructive that there seem to be four variants, when everyone thought there was just one.
One wonders what else we will find.
Stay tuned.
No comments:
Post a Comment