Equation Group Spyware Poses Threats Far Beyond Its Original Purpose

 
 
By Wayne Rash  |  Posted 2015-02-18 Print this article Print
 
 
 
 
 
 
 
Equation Spyware


With all of that in mind, you're probably wondering how much of a threat the Equation Group and its GrayFish malware are to your company. The answer is, not as much as you might think. Chances are very good that you're not in its target list.

In addition, GrayFish is not necessarily impossible to eliminate. While it's true that this malware can include a module that rewrites the flash memory on your computer's hard drives, until that happens GrayFish is just as visible as any other malware. In addition, a properly designed anti-malware package can intercept it and prevent execution, as long as that happens before the flash in the drive has been rewritten.

Unfortunately, once the malware has installed itself into the flash memory on a hard drive it may be impossible to detect or remove, although it's not clear what would happen if you decide to reflash the drive. However most recommendations I've seen say that the only possible solution is to destroy the drive.

All of this means that in a worst case scenario, you're left with the decision of deciding whether to destroy your storage if you think there's a chance that it harbors a GrayFish module, but since you can't actually tell if it's there, you just have to guess.

Fortunately, there are other actions you can take.

The most obvious action is to train your employees never to plug a device of unknown origin into a computer. While you're at it, you can disable the USB ports that aren't being used for something. And you can make sure that you have a good, updated anti-malware product running on all of your critical systems all of the time. This should give you a fighting chance.

But it may be that the most serious problem from the Equation Group and GrayFish is yet to come. Now that the existence of this type of malware has become known, it also becomes more likely that criminal malware writers will use the techniques the Equation Group developed to produce more advanced malware.

While those criminal groups can't normally afford to develop such things as flash-based viruses, once they know it's possible, they have something to aim for. In addition it's possible that if they get copies of this malware in the wild it might be possible to repurpose the code, especially once other nation state hacking teams with all their resources get hold of it.

Considering how competitive cyber criminals have become recently, there's certainly plenty of motivation to use something that could become undetectable and impossible to remove.

Ultimately, even though GrayFish and the Equation Group probably aren't after your money or information, the presence of their malware has made the Internet and the computing world a much more dangerous.



 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel