Flashed with a virus?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Flashed with a virus?

    This is not exactly a new concept, but it came up again at the recent BlackHat.

    The idea is that you could be attacked by a virus that flashed the firmware associated with peripheral devices via their ROM.

    It is certainly possible, but I don't think it is anything to get too concerned about at the moment. It is difficult to do, and would only be effective against specific targets.

    That said, if you encounter suspicious activity that you cannot trace to conventional vectors, it might be worth considering flashing your firmware? Assuming, of course, that the new firmware is larger or the flash includes blank space to fill the entire EPROM.

    Article:
    http://www.securityfocus.com/brief/447


  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Previously posted

    http://antionline.com/showthread.php?t=274831

    Yes...it is very scary

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Actually Morgana~ I was aware of the link to the BlackHat conference, I was inviting some conversation on the matter.

    The first bit is only relevant to AMD 64 bit technology... probably dual core, I cannot remember as it came out about 9 months or more ago?

    The newer issue is what about attacks on your video cards? There is spare EPROM memory on those, soundcards and stuff?... what would you do... trash your PC? ... trash your PCI cards?



    PS: Will you be able to see tonight's total eclipse of the moon from where you are?

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    No eclipse for me...was cloudy and snowy

    Although I have seen them before.

    I am not a hardware spurt...so my answer to your question as to what would I do...could I not just flash it back with the manufacturer's settings using the same method it got infected.......instead of trashing the PC\hardware??


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey Morgana~ better luck on August 28th. !!! we have two of them this year

    Well, on with the subject:

    If I have an infected card, how do I know which one? I would guess that my approach would be to re-flash all my PCI stuff.

    That brings me to my logical problem

    Would a re-flash actually overwrite the malware?

    1. If prepended then the answer = yes
    2. If appended, then it would depend on the size of the flash? if it were bigger, then that should be OK?
    3. Does the flash write to the whole of the EPROM space?....this is very important as if it doesn't and the re-flash is exactly the same size, then the appended malware will remain exactly where and how it was?

    I personally am not aware of anything that scans EPROM memory, or looks at firmware?
    Last edited by nihil; March 5th, 2007 at 02:53 PM.

  6. #6
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    hmmm.....if the overwrite came short of the virus or was the same size as before, I suspect you would still be ok as there would be no pointers to the virus to execute it and there would be some sort of "End of File" marker at the end of the valid code, once again stopping the virus running.

    Like when you wreck LILO because Windows somehow clobbered the start of the partition, Linux is still there, but there's no pointer to it.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
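
The three re-flash cases listed in post #5, worked through on a constructed chip image. This is an added example, not code from any poster in the thread. It assumes a legacy x86 PCI option ROM header (`55 AA`, size byte in 512-byte blocks, checksum summing to zero), an erased cell value of `0xFF`, and a simplified model of a flashing tool; all function names and sample bytes are made up for illustration.

```python
ERASED = 0xFF  # assumption: EPROM/NOR flash cells read 0xFF after an erase

def make_rom(blocks: int, body: bytes) -> bytes:
    """Build a constructed legacy option ROM: 55 AA, size in 512-byte blocks, zero checksum."""
    rom = bytearray(b"\x55\xaa" + bytes([blocks]) + body).ljust(blocks * 512, b"\x00")
    rom[-1] = (-sum(rom[:-1])) & 0xFF  # the whole image must sum to 0 mod 256
    return bytes(rom)

def declared_length(image: bytes) -> int:
    """Return the length the ROM header claims, or raise if header or checksum is invalid."""
    if image[:2] != b"\x55\xaa":
        raise ValueError("missing 55 AA option ROM signature")
    length = image[2] * 512
    if length == 0 or length > len(image) or sum(image[:length]) & 0xFF:
        raise ValueError("bad length or checksum")
    return length

def reflash(chip: bytes, image: bytes, erase_whole_chip: bool) -> bytes:
    """Model a flasher that either erases the whole part first or writes only len(image) bytes."""
    base = bytes([ERASED]) * len(chip) if erase_whole_chip else chip
    return image + base[len(image):]

def audit(dump: bytes, reference: bytes) -> dict:
    """Compare the image region with the vendor file and list non-erased runs in the slack."""
    n = declared_length(reference)
    runs, start = [], None
    for off in range(n, len(dump) + 1):
        dirty = off < len(dump) and dump[off] != ERASED
        if dirty and start is None:
            start = off
        elif not dirty and start is not None:
            runs.append((start, off))
            start = None
    return {"image_ok": dump[:n] == reference[:n], "slack_residue": runs}

# Constructed scenario: 4 KiB chip, 1 KiB vendor image, foreign bytes appended at 0x800.
VENDOR = make_rom(2, b"vendor-code")
CHIP = bytearray(VENDOR + bytes([ERASED]) * (4096 - len(VENDOR)))
CHIP[0x800:0x808] = b"APPENDED"
CHIP = bytes(CHIP)

if __name__ == "__main__":
    for whole in (False, True):
        print("erase_whole_chip =", whole, audit(reflash(CHIP, VENDOR, whole), VENDOR))
```

On a real card the dump would come from whatever read-back facility the vendor's flashing tool provides; the audit only tells you which bytes are present, not whether anything references them.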
