Statement of the BSI on the malicious software "LoJax"

MIL OSI Translation. Region: Germany

Bonn. Date: 28.09.2018

The security firm ESET released an analysis report on 27.09.2018 on a UEFI rootkit called LoJax. In some media, the malware was described, among other things, as an "almost indelible super virus" that could endanger billions of computers. This assessment is not shared by the Federal Office for Information Security (BSI).

It is true that LoJax implants itself deeply in the computer and runs even before the actual operating system or anti-virus software is executed. This makes detection and removal of the malware significantly more difficult than for malicious programs that affect the operating system. However, to be able to install LoJax at all, an offender must have already taken control of the computer, for example by exploiting known vulnerabilities in the operating system. Thus, the protective measures for computer and network security recommended by the BSI (IT-Grundschutz or www.bsi-fuer-buerger.de) also provide sufficient protection against the LoJax rootkit described here.

It remains to be noted that APT attacks (Advanced Persistent Threat) are a serious threat to businesses, institutions and government institutions. Corresponding protective measures should therefore be implemented professionally and consistently. A mass spread to private users, however, is not expected. This also applies to the current version of the malware variant LoJax.

Press contact: Federal Office for Information Security, P.O. Box 200363, 53133 Bonn. Phone: 49 228 99 9582-5777. Telefax: 49 228 99 9582-5455. E-Mail: presse@bsi.bund.de


EDITOR'S NOTE: This article is a translation. Please forgive us if the grammar and/or sentence structure is not perfect.