Know Your Enemy
Destroying your hard drive is the only way to stop this super-advanced malware
Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.
Infirm firmware
Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, or the low-level code that acts as an interface between hardware and software.
The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.
“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.
Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware platforms, “Equationdrug” and “Grayfish.”