-
July 28th, 2010, 09:23 PM
#1
Dell ship infected MoBos
Yep, the mighty Dell have shipped virus-infected replacement server motherboards... must be something wrong with their HR and/or IT security processes?
http://www.securitynewsportal.com/cg...20with%20Virus
"Human error"... is that the new euphemism for "they will never find the body"????
Last edited by nihil; July 28th, 2010 at 09:26 PM.
-
July 29th, 2010, 01:08 AM
#2
Wow. That's more than egg on their faces. It's a whole chicken coop.
-
July 29th, 2010, 07:37 PM
#3
As if news of defective components on the boards wasn't bad enough... now this? Let's blame China. Seems about par for the course. Oh also, don't lick the cases... lead paint.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
July 30th, 2010, 12:22 PM
#4
I do!, I do!
Seriously though, I wonder how many vendors of badged Chinese kit actually let them load the firmware? The answer should be "zero", but I wonder?
-
July 30th, 2010, 08:50 PM
#5
Junior Member
I don't get it??
How could a win32 program (normally written in a high-level language like C, VB, C#) that depends on other system libraries to do its job run on a low-level BIOS???
-
July 31st, 2010, 05:58 PM
#6
Hi mostafaxx, and welcome to AO
How could a win32 program (normally written in a high-level language like C, VB, C#) that depends on other system libraries to do its job run on a low-level BIOS???
I am afraid I don't have any details but can make the following suggestions:
A number of devices in your computer have memory capabilities to store the firmware that runs them. Motherboard, CD, DVD, Video Card etc... these can usually be "flashed".
All you need to do is add your malware to the firmware and it will run as soon as the device is activated.
Like yourself, I doubt if the malware is written in a high level language such as you mention. It is most likely to be Assembly (ASM) language, microcode or whatever, that then "phones home" to get the full version of the malware and its payload.
I still have a few 5.25" 360Kb floppies with viruses in their boot sectors.
You can write some pretty nasty stuff in Assembler
-
August 2nd, 2010, 03:08 PM
#7
Originally Posted by nihil
Hi
You can write some pretty nasty stuff in Assembler
MSDos 5!
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
August 2nd, 2010, 04:33 PM
#8
Originally Posted by mostafaxx
i don't get it??
how could a win32 program
Only drivers can run at ring0 if that's what you're getting at. The actual executables are irrelevant and serve no other purpose beyond calling and interfacing with the driver.
Last edited by The-Spec; August 2nd, 2010 at 10:46 PM.
-
August 2nd, 2010, 05:31 PM
#9
Junior Member
Only drivers can run at ring0 if that's what you're getting at.
Nope, drivers and root-kits do...
I think you're right, nihil.
I have seen a couple of CMOS password recovery tools.
Even my motherboard has a tool to flash/update the BIOS.
Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110
-
August 4th, 2010, 09:48 PM
#10
Well, it all depends on how many rings you have?
In computer terms supervisor mode is a hardware-mediated flag which can be changed by code running in system-level software. System-level tasks or threads will have this flag set while they are running, whereas user-space applications will not. This flag determines whether it would be possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts.
Firmware generally runs at the Kernel or HAL. Drivers work in more remote rings (1 & 2) and applications beyond that (3). Obviously, some systems only have two rings, and are pretty monolithic.
If you infect the firmware you can make the problem travel outwards. The concept isn't really what runs where, it is more one of where do I hide my malware and get it to execute?
At the kernel level all you can really do is crash the system. You need to be in the user/applications layer to cause mayhem. That is where you have your higher level language malware.
EDIT:
Here is an article on System Management Mode attacks
http://www.securityfocus.com/columnists/402
Last edited by nihil; August 4th, 2010 at 09:59 PM.