«Kaspersky Lab” found that the imperfect implementation of the network protocol used by the product of Absolute Computrace Absolute Software, can become a kind of “Archimedean lever” and useful software to transform into a powerful tool intruders.
This software is capable of potentially open defect cybercriminals access to millions of computers around the world – and as a key in this case, perform a software agent Absolute Computrace, stored in the BIOS firmware of modern computers and laptops.
Analyze this feature security software specialists Absolute Software “Kaspersky Lab” began after found that Absolute Computrace software agent is working on a number of computers without prior authorization.
Despite the fact that this product is legal development, some users claim that they had never installed and activated, and in some cases not at all aware of the existence of the software on their computers. While most of the preset programs can be easily removed or deactivated by the user, Absolute Computrace, settling in the firmware of the computer continues to work even after a thorough cleaning or replacement of the system disk.
But not only this feature Absolute Computrace can cause suspicion among users. This software uses technology that hinder disassembly and analysis, as well as other tools, the creators of popular malware, in particular injection in memory of other processes, covert channels, changes to system files on the disk encryption configuration data and creating Windows executable files directly from your code firmware BIOS.
According to data obtained from the cloud service Kaspersky Security Network, a software agent Absolute Computrace operates today in the 150 thousand users. The total number of users with active agent according to some estimates could exceed 2 million, and it is not known how many of them know about the existence of this software on your computer. The experts also found that the majority of computers actively working Absolute Computrace agent is in the United States and Russia.
Network Protocol Computrace, provides basic remote code execution. It does not require the use of any cryptographic mechanisms to encrypt data or verify the remote server that gives attackers the opportunity to perform a remote attack in an unprotected network environment. There is currently no evidence that the Absolute Computrace used as a platform to carry out attacks.