
Thread: Dell ship infected MoBos

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188

    Dell ship infected MoBos

    Yep, the mighty Dell have shipped virus infected replacement server motherboards............must be something wrong with their HR and/or IT security processes?

    http://www.securitynewsportal.com/cg...20with%20Virus

    "Human error"..............is that the new euphemism for "they will never find the body"????
    Last edited by nihil; July 28th, 2010 at 09:26 PM.

  2. #2
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Wow. That's more than egg on their faces. It's a whole chicken coop.

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    As if news of defective components on the boards wasn't bad enough... now this? Let's blame China. Seems about par for the course. Oh also, don't lick the cases... lead paint.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Let's blame China.
    I do!, I do!

    Seriously though, I wonder how many vendors of badged Chinese kit actually let them load the firmware? The answer should be "zero", but I wonder?


  5. #5
    Junior Member mostafaxx's Avatar
    Join Date
    Jul 2010
    Location
    Egypt-damanhour
    Posts
    15
    I don't get it??

    How could a Win32 program (normally written in a high-level language like C, VB, C#) that depends on other system libraries to do its job

    run on a low-level BIOS???

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi mostafaxx, and welcome to AO

    How could a Win32 program (normally written in a high-level language like C, VB, C#) that depends on other system libraries to do its job

    run on a low-level BIOS???
    I am afraid I don't have any details but can make the following suggestions:

    A number of devices in your computer have memory capabilities to store the firmware that runs them. Motherboard, CD, DVD, Video Card etc.........these can usually be "flashed".

    All you need to do is add your malware to the firmware and it will run as soon as the device is activated.

    Like yourself, I doubt if the malware is written in a high level language such as you mention. It is most likely to be Assembly (ASM) language, microcode or whatever, that then "phones home" to get the full version of the malware and its payload.


    I still have a few 5.25" 360Kb floppies with viruses in their boot sectors.

    You can write some pretty nasty stuff in Assembler.

  7. #7
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,021
    Quote Originally Posted by nihil View Post
    Hi
    You can write some pretty nasty stuff in Assembler
    MSDos 5!

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #8
    Banned
    Join Date
    Jan 2008
    Posts
    605
    Quote Originally Posted by mostafaxx View Post
    I don't get it??

    How could a Win32 program
    Only drivers can run at ring0, if that's what you're getting at. The actual executables are irrelevant and serve no other purpose beyond calling and interfacing with the driver.
    Last edited by The-Spec; August 2nd, 2010 at 10:46 PM.

  9. #9
    Junior Member mostafaxx's Avatar
    Join Date
    Jul 2010
    Location
    Egypt-damanhour
    Posts
    15
    Only drivers can run at ring0, if that's what you're getting at.
    nope, drivers and root-kits do...


    I think you're right, nihil.

    I have seen a couple of CMOS password recovery tools;
    even my motherboard has a tool to flash/update the BIOS.
    Decode the following to 8-Bit ASCII : 01001001 01110011 01101100 01100001 01101101 00100000 01101001 01110011 00100000 01110100 01101000 01100101 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110


  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well, it all depends on how many rings you have?

    In computer terms supervisor mode is a hardware-mediated flag which can be changed by code running in system-level software. System-level tasks or threads will have this flag set while they are running, whereas user-space applications will not. This flag determines whether it would be possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts.
    Firmware generally runs at the Kernel or HAL. Drivers work in more remote rings (1 & 2) and applications beyond that (3). Obviously, some systems only have two rings, and are pretty monolithic.

    If you infect the firmware you can make the problem travel outwards. The concept isn't really what runs where, it is more one of where do I hide my malware and get it to execute?

    At the kernel level all you can really do is crash the system. You need to be in the user/applications layer to cause mayhem. That is where you have your higher level language malware.

    EDIT:

    Here is an article on System Management Mode attacks

    http://www.securityfocus.com/columnists/402
    Last edited by nihil; August 4th, 2010 at 09:59 PM.
