No, I'm more suspicious of generic botnet/ransomware stuff. Which probably isn't anything that sophisticated.
That was yesterday. Having slept on it, I think the most likely cause is that I happened on a key combination that tries to poll status or activate AMT during POST/early boot (eg maybe something for service techs to load/auto-configure AMT off PXE or USB or something). An auto-loader for AMT wouldn't thrill me either, of course. Finding a cryptolocker installer in my Temp folder just has me running paranoid, I've never seen that particular message appear before, and it was gone before I could really get a good look.
Managed to dig up this paper on some of the potential black-hat applications of AMT [1]. Happened on another interesting one on Intel SGX [2]. It's certainly a net positive to have virtualization/sandboxing, secure enclaves, etc in our systems - but it always bugs me that they paradoxically create the potential for rootkits that are impossible to pry out once they're situated.
The idea of a platform-neutral technology that could serve as a vector for malware is a particularly disturbing one to me. Developing viruses for each individual BIOS implementation is something of a barrier to large-scale contagion of such malware, but there's probably a much smaller number of (eg) AMT or SGX versions with significant code overlap.
