It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Heads up! - A virus that attacks computer at BIOS level.
page: 1share:
Oh great researchers have demonstrated attacks at the very lowest level of a computer system, a natural development I suppose, I've never
thought about it before, but now I am I'm wondering why it took this long. - actually reading further thi was demonstrated in 2007, but still.
This thing is a biiatch, it will survive any reinstalation of the operating system, infect ANY computer regardless of it running windows or Linux or any other OS.
So I just thought I'd brings that little tid bit up to brighten everyone's day
linkey-poos
Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level--without the use of any vulnerability.
This thing is a biiatch, it will survive any reinstalation of the operating system, infect ANY computer regardless of it running windows or Linux or any other OS.
"It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots."
So I just thought I'd brings that little tid bit up to brighten everyone's day
linkey-poos
Cant you just clear your cmos?
[edit on 25-3-2009 by Solomons]
[edit on 25-3-2009 by Solomons]
reply to post by Solomons
Wouldn't do anything.
Looks like the code will be hidden in the onboard memory of things like graphics cards, sound cards etc... That is I am reading that correctly.
Wouldn't do anything.
, Heasman showed a completely working method for loading the malware on to a PCI card by using the flashable ROM on the device. He also had a way to bypass the Windows NT kernel and create fake stack pointers.
Looks like the code will be hidden in the onboard memory of things like graphics cards, sound cards etc... That is I am reading that correctly.
So Basically the only way to get rid of this thing is to take a powerful magnet to your components and then throw it in the garbage eh?
Hi, protected? PC users ! B-)
Hey ! ! If things go THAT bad in PCs, one day,
I will take my Commodore C= out of the wardrobe !! B-]
Not long ago I was using the browser named "Net Tamer",
in DOS mode, and it was not that bad.
I have visited the net in TEXT mode with it, and it works.
There is A LOT of useless garbage I switch OFF with Mozilla,
and the TEXT mode does almost the same thing. . . B-)
VIVA Commodore C= ? One day ?
Blue skies.
Hey ! ! If things go THAT bad in PCs, one day,
I will take my Commodore C= out of the wardrobe !! B-]
Not long ago I was using the browser named "Net Tamer",
in DOS mode, and it was not that bad.
I have visited the net in TEXT mode with it, and it works.
There is A LOT of useless garbage I switch OFF with Mozilla,
and the TEXT mode does almost the same thing. . . B-)
VIVA Commodore C= ? One day ?
Blue skies.
Originally posted by Solomons
Cant you just clear your cmos?
[edit on 25-3-2009 by Solomons]
I'm not sure but I don't think so. If they can put the code into the flash memory of a pci card, it would be loaded on every reboot. I always thought my cmos was safe cause it's password protected. It doesn't look that way anymore.
The good news is that it's not easy to install.
reply to post by DaMod
Not sure about the magnets, it's flash memory, magnets don't normally affect flash memory do they?
But yhea chucking your kit in the trash would be an option!
But that is if you even detect the infection in the first place - this is in about as deep as it gets - way below standard virus scans!
I suppose you could reflash the firmware on your PCI cards. Or the hardware manufactures could start making them with a non flushable ROM - but then you would never be able to update your firmware.
Not sure about the magnets, it's flash memory, magnets don't normally affect flash memory do they?
But yhea chucking your kit in the trash would be an option!
But that is if you even detect the infection in the first place - this is in about as deep as it gets - way below standard virus scans!
I suppose you could reflash the firmware on your PCI cards. Or the hardware manufactures could start making them with a non flushable ROM - but then you would never be able to update your firmware.
This is actually nothing new. BIOS/chip specific malware has been around since the days of "Core wars" back on the old mainframes (30 years
ago).
BIOS/chip malware is usually very chip specific. I believe the newer Macs are running the same Intel processors/bios that my PC does... and therefore they're at risk also.
Keep your security updated, and don't go downloading anything unusual.
BIOS/chip malware is usually very chip specific. I believe the newer Macs are running the same Intel processors/bios that my PC does... and therefore they're at risk also.
Keep your security updated, and don't go downloading anything unusual.
It's suppose to be released april 1st right?
Well, on that day, unplug your computer for a few days.
I cant see how you can be infected then.
Well, on that day, unplug your computer for a few days.
I cant see how you can be infected then.
Originally posted by JohnHolmes
I always thought my cmos was safe cause it's password protected. It doesn't look that way anymore.
Hate to tell you buddy - but it's never been safe, have you ever seen the battery on the mother board? Looks like a large watch battery usually - whip that baby out and leave it a couple of mins.... Et voilà! No more CMOS password, no more BIOS password either and all BIOS settings go back to default.
meh?
As long as you have a fairly robust admin account (root) password in place this approach is somewhat stifled... and the "threat" seemingly negligible.
The "rootkit" their working on, on the other hand, might prove a different story all together, though.
Again, they'd have to craft a means by which to "prompt" a firmware update...
(?)
Scary, still.
As long as you have a fairly robust admin account (root) password in place this approach is somewhat stifled... and the "threat" seemingly negligible.
...you need either root privileges or physical access to the machine in question, which limits the scope
The "rootkit" their working on, on the other hand, might prove a different story all together, though.
...Heasman showed a completely working method for loading the malware on to a PCI card by using the flashable ROM on the device.
Again, they'd have to craft a means by which to "prompt" a firmware update...
(?)
Scary, still.
Well - make a bootable flashdrive - copy Mainboard BIOS + Flash program to flashdrive. If you get infected then
Flash BIOS - update BOOTBLOCK + Clear DMI data... power off - clear CMOS - Remove power from PSU - wait 20 mins... and restart.
It's also possible to "jumper" the BIOS chip so it's writeprotected.
Otherwise - if you're afraid - run the program called sandboxie, freeware and very efficient against ANY malware.
Flash BIOS - update BOOTBLOCK + Clear DMI data... power off - clear CMOS - Remove power from PSU - wait 20 mins... and restart.
It's also possible to "jumper" the BIOS chip so it's writeprotected.
Otherwise - if you're afraid - run the program called sandboxie, freeware and very efficient against ANY malware.
Other than the severity of the problems once infected, is this really any different than any other virus? I mean, it still has to get in your computer
somehow, right?
"Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine"
Since infection by physical access is not going to be a problem for 99.999% of computer users, that leaves root privilege infections. I don't know much about root privegeles, but it sounds like the amount of effort required to gain access to a single machine's root privileges would hardly be worth wrecking some random dude's computer.
It would be like breaking into someone's safe with only $1 inside, and then destroying the safe when you're done just so the person can't use it anymore. Doesn't really make much sense to me... but then again computer viruses in general don't make much sense to me.
If this was to be used on more important computers than some random dude's, it seems like gaining access to valuable data would take precedent over disabling the machine itself, except in a few rare cases...
"Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine"
Since infection by physical access is not going to be a problem for 99.999% of computer users, that leaves root privilege infections. I don't know much about root privegeles, but it sounds like the amount of effort required to gain access to a single machine's root privileges would hardly be worth wrecking some random dude's computer.
It would be like breaking into someone's safe with only $1 inside, and then destroying the safe when you're done just so the person can't use it anymore. Doesn't really make much sense to me... but then again computer viruses in general don't make much sense to me.
If this was to be used on more important computers than some random dude's, it seems like gaining access to valuable data would take precedent over disabling the machine itself, except in a few rare cases...
As a Mac user I fail to see why so many people still use windowz.......the article doesn't say anything about Macintosh/Apple unless someone is using
VMWare....I think??
The sure solution to this, as well as any other pc/windowz related viruses, bugs, spyware, etc., etc....is...
say it with me...
Buy and use a Mac!
The sure solution to this, as well as any other pc/windowz related viruses, bugs, spyware, etc., etc....is...
say it with me...
Buy and use a Mac!
Originally posted by prjct
As a Mac user I fail to see why so many people still use windowz.......the article doesn't say anything about Macintosh/Apple unless someone is using VMWare....I think??
The sure solution to this, as well as any other pc/windowz related viruses, bugs, spyware, etc., etc....is...
say it with me...
Buy and use a Mac!
If I'm not mistaken, then "OpenBSD" is UNIX, and as OS-X is based on unix, I wouldn't feel safe with a MAC either - and *if* SHTF, then at least there are multiple malware, virus, rootkit removers on the PC, whereas I would say the MAC is less fortunate in that case. Also I think it might be a bit harder to obtain a BIOS for your MAC if you get infected - again - with PC's they are widely available.
I have both a MAC and PC and enjoy both of them - each have their advantages.
I can tell you with absolute certainty that this is bunk. Having built my own 4 bit processor, thus having an intimate understanding of the workings
of processors and memory, I can tell you that such a virus is impossible UNLESS it somehow destroys the chip at the hardware level (too much voltage
to the chip for example.)
reply to post by goldbomb444
Your knowledge is out of date. This is not like the old 8 bit days where you couldn't modify the ROM page. Much modern hardware has a way for it's firmware to be updated. This means that the software can be modified, and this can include malware.
This is not an especially new threat, I remember a proof of concept a few years ago with some network cards. Something people may find interesting and related, are the allegations that the Chinese government have doing this to hardware that they sell to enemies, here is a great thread about that.
www.abovetopsecret.com...
As mentioned, This requires physical or root access. You should always make sure your system has a strong root/admin password, and stay up to date on security updates. Even so, there will likely be undiscovered as yet ways to gain root if someone can get in at user/service level. This means you should make sure your router and firewall are set up correctly, and disable all services that you don't require. Even on many linux systems the default install leaves some ports open that most people will never need. BSD I hear is better for this, and Windows seems much worse, I was unable to even close certain ports on Windows without using trickery.
Your knowledge is out of date. This is not like the old 8 bit days where you couldn't modify the ROM page. Much modern hardware has a way for it's firmware to be updated. This means that the software can be modified, and this can include malware.
This is not an especially new threat, I remember a proof of concept a few years ago with some network cards. Something people may find interesting and related, are the allegations that the Chinese government have doing this to hardware that they sell to enemies, here is a great thread about that.
www.abovetopsecret.com...
As mentioned, This requires physical or root access. You should always make sure your system has a strong root/admin password, and stay up to date on security updates. Even so, there will likely be undiscovered as yet ways to gain root if someone can get in at user/service level. This means you should make sure your router and firewall are set up correctly, and disable all services that you don't require. Even on many linux systems the default install leaves some ports open that most people will never need. BSD I hear is better for this, and Windows seems much worse, I was unable to even close certain ports on Windows without using trickery.
sorry, but being from the "old school" of computers, BIOS attacks are not new. it even got to a point in early development, where you could simply
re-programme BIOS chips quite efficiently, mainly because of the many glitches in software intergration, but also from nefarious attacks from the
outside, on the early systems.
another attack is on the MBR (master boot record) of all hard drives. this is also basic software commands that are put on by the manufacture (seagate, quantum, ibm, mitsubishi, western digital, etc.). i have had to rebuild these several times. the problem was that you had to have a certain amount of security clearence, and the "build" could only be given to you by a certified company tech, because each company had their own prepriotory build codes.
another attack is on the MBR (master boot record) of all hard drives. this is also basic software commands that are put on by the manufacture (seagate, quantum, ibm, mitsubishi, western digital, etc.). i have had to rebuild these several times. the problem was that you had to have a certain amount of security clearence, and the "build" could only be given to you by a certified company tech, because each company had their own prepriotory build codes.
This sounds like the kind of virus, that everyone has been terrified would appear for years, this is the kind of virus IMO, that would kill people in
Hospitals.
I have never ever had a high opinion of those who produce this kind of thing, I have always believed these kinds of people need to be thrown in prison for a long time, not people who try and find evidence of UFO's in computers.
People who create malicious viruses, with the intent on destroying software, saved work, or any kind of personal information, seriously need to be stopped, it isnt a laugh, it isnt funny, it's just mean and vindictive, this kind of virus will not discriminate between hospitals and the home, it can kill.
Didn't Microsoft offer a $250,000 to catch those who made this? I'm sure I read a thread that linked a story, that several companies are wanting the reward, so are throwing a lot at finding those responsible, more than trying to stop it, if I'm right, they need to find the author, to prevent it?
Which means, unless they were super careful in it's creation, I expect to see someone arrested for it soon, hopefully before it does infect critical systems and puts people in danger.
No time for scum who do this crap, same level as burglars who enter peoples homes IMO, throw the book at them, send a message to anyone wanting or thinking of doing similar, do this and go to jail for several years.
I have never ever had a high opinion of those who produce this kind of thing, I have always believed these kinds of people need to be thrown in prison for a long time, not people who try and find evidence of UFO's in computers.
People who create malicious viruses, with the intent on destroying software, saved work, or any kind of personal information, seriously need to be stopped, it isnt a laugh, it isnt funny, it's just mean and vindictive, this kind of virus will not discriminate between hospitals and the home, it can kill.
Didn't Microsoft offer a $250,000 to catch those who made this? I'm sure I read a thread that linked a story, that several companies are wanting the reward, so are throwing a lot at finding those responsible, more than trying to stop it, if I'm right, they need to find the author, to prevent it?
Which means, unless they were super careful in it's creation, I expect to see someone arrested for it soon, hopefully before it does infect critical systems and puts people in danger.
No time for scum who do this crap, same level as burglars who enter peoples homes IMO, throw the book at them, send a message to anyone wanting or thinking of doing similar, do this and go to jail for several years.
new topics
-
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 2 hours ago -
Electrical tricks for saving money
Education and Media: 5 hours ago -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 6 hours ago -
Sunak spinning the sickness figures
Other Current Events: 7 hours ago -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 7 hours ago -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 9 hours ago -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 11 hours ago
top topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 6 hours ago, 9 flags -
Florida man's trip overseas ends in shock over $143,000 T-Mobile phone bill
Social Issues and Civil Unrest: 17 hours ago, 8 flags -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 11 hours ago, 8 flags -
Electrical tricks for saving money
Education and Media: 5 hours ago, 4 flags -
Bobiverse
Fantasy & Science Fiction: 17 hours ago, 3 flags -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 15 hours ago, 3 flags -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 7 hours ago, 3 flags -
Sunak spinning the sickness figures
Other Current Events: 7 hours ago, 3 flags -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 9 hours ago, 2 flags -
The Good News According to Jesus - Episode 1
Religion, Faith, And Theology: 12 hours ago, 1 flags
active topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News • 40 • : ThatSmellsStrange -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest • 20 • : Asher47 -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues • 12 • : Asher47 -
Electrical tricks for saving money
Education and Media • 4 • : Lumenari -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 54 • : Ophiuchus1 -
DONALD J. TRUMP - 2024 Candidate for President - His Communications to Americans and the World.
2024 Elections • 514 • : WeMustCare -
The Acronym Game .. Pt.3
General Chit Chat • 7744 • : bally001 -
Truth Social goes public, be careful not to lose your money
Mainstream News • 128 • : Astyanax -
Sunak spinning the sickness figures
Other Current Events • 5 • : glen200376 -
SETI chief says US has no evidence for alien technology. 'And we never have'
Aliens and UFOs • 44 • : MikeDeGrasseTyson