 #14889  by rkhunter
 Fri Jul 27, 2012 7:55 pm
The EFI firmware used in Intel Macs and other modern systems presents some interesting possibilities for rootkit developers. This presentation will provide a full account of how an EFI-based rootkit might work. We will begin with some background on the EFI architecture - what it does, how it works, and how we can leverage EFI to inject code into the Mac OS X kernel or attack the user directly. We will then detail how a kernel payload might work, employing a number of rootkit techniques that can be used within the XNU kernel. Finally, we will discuss the possibilities for rootkit persistence that are presented by EFI. This presentation will not require a detailed understanding of EFI, and will leave the audience with an understanding of the ways in which EFI can be used in a modern Mac OS X rootkit.
http://www.blackhat.com/html/bh-us-12/b ... ngs.html#K
 #14892  by Flamef
 Fri Jul 27, 2012 9:11 pm
Hi,
What also seems interesting is "File Disinfection Framework: Striking Back at Polymorphic Viruses":
"File Disinfection Framework: Striking Back at Polymorphic Viruses." The research was presented by ReversingLabs. They presented an open-source, cross-platform x86/x64 library that enables its user to unpack, disinfect, and build PE32/PE32+ files. The framework also has an x86 emulator written from scratch, which supports multiple processes in parallel and Windows objects such as handles, mutexes, and the environment. It also provides tools that can aid in writing disinfection routines, such as automatic binary profiling with a search for the presence and location of the virus stub.
http://blog.fireeye.com/research/2012/0 ... 2012-.html

So actually, Virut and Sality will be rendered "useless"!?