-
March 3rd, 2007, 02:23 PM
#1
Flashed with a virus?
This is not exactly a new concept, but it came up again at the recent BlackHat.
The idea is that you could be attacked by a virus that flashed the firmware associated with peripheral devices via their ROM.
It is certainly possible, but I don't think it is anything to get too concerned about at the moment. It is difficult to do, and would only be effective against specific targets.
That said, if you encounter suspicious activity that you cannot trace to conventional vectors, it might be worth considering flashing your firmware, assuming, of course, that the new firmware is larger or the flash includes blank space to fill the entire EPROM.
Article:
http://www.securityfocus.com/brief/447
-
March 3rd, 2007, 07:23 PM
#2
Previously posted 
http://antionline.com/showthread.php?t=274831
Yes... it is very scary
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 3rd, 2007, 09:06 PM
#3
Actually Morgana~ I was aware of the link to the BlackHat conference, I was inviting some conversation on the matter.
The first bit is only relevant to AMD 64 bit technology... probably dual core, I cannot remember as it came out about 9 months or more ago?
The newer issue is what about attacks on your video cards? There is spare EPROM memory on those, soundcards and stuff... What would you do? Trash your PC? Trash your PCI cards?

PS: Will you be able to see tonight's total eclipse of the moon from where you are?
-
March 4th, 2007, 09:08 PM
#4
No eclipse for me...was cloudy and snowy
Although I have seen them before.
I am not a hardware spurt... so my answer to your question as to what would I do... could I not just flash it back with the manufacturer's settings using the same method it got infected... instead of trashing the PC\hardware??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 4th, 2007, 10:05 PM
#5
Hey Morgana~ better luck on August 28th!!! We have two of them this year.
Well, on with the subject:
If I have an infected card, how do I know which one? I would guess that my approach would be to re-flash all my PCI stuff.
That brings me to my logical problem:
Would a re-flash actually overwrite the malware?
1. If prepended then the answer = yes
2. If appended, then it would depend on the size of the flash? If it were bigger, then that should be OK?
3. Does the flash write to the whole of the EPROM space? This is very important, as if it doesn't and the re-flash is exactly the same size, then the appended malware will remain exactly where and how it was?
I personally am not aware of anything that scans EPROM memory, or looks at firmware?
Last edited by nihil; March 5th, 2007 at 02:53 PM.
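The re-flash question in the post above, as an added example that is not part of the original thread: a small Python model of a flasher writing to a fixed-size chip, plus an audit that compares a dump with the vendor image and checks whether the space past the image is blank. The function names, the 0xFF erased value and all sample data are assumptions constructed for illustration.

```python
# Added example: model a re-flash of a fixed-size chip and audit the resulting dump.
ERASED = 0xFF  # assumption: erased EPROM/flash cells read back as 0xFF

def reflash(chip: bytes, image: bytes, erase_whole_chip: bool) -> bytes:
    """Write `image` at offset 0; optionally erase the rest of the chip first."""
    if len(image) > len(chip):
        raise ValueError("image does not fit in the chip")
    if erase_whole_chip:
        tail = bytes([ERASED]) * (len(chip) - len(image))
    else:
        tail = chip[len(image):]  # bytes past the image are left untouched
    return image + tail

def audit(dump: bytes, vendor_image: bytes) -> dict:
    """Compare a chip dump with the vendor image and inspect the slack space."""
    n = len(vendor_image)
    residue = [off for off in range(n, len(dump)) if dump[off] != ERASED]
    return {
        "image_matches": dump[:n] == vendor_image,
        "slack_bytes": len(dump) - n,
        "residue_bytes": len(residue),
        "first_residue_offset": residue[0] if residue else None,
    }

# Constructed sample data (not real firmware): 64 KiB chip, 32 KiB vendor image,
# 512 bytes of foreign data appended directly after the image.
CHIP_SIZE = 64 * 1024
VENDOR = b"\x55\xaa" + b"\x90" * (32 * 1024 - 2)
APPENDED = b"APPENDED" * 64
TAMPERED = VENDOR + APPENDED + bytes([ERASED]) * (CHIP_SIZE - len(VENDOR) - len(APPENDED))
LARGER = VENDOR + b"\x90" * 1024  # constructed "newer, bigger" image

def run_cases() -> dict:
    """Run the three re-flash cases from the post and audit each result."""
    return {
        "same_size_no_erase": audit(reflash(TAMPERED, VENDOR, False), VENDOR),
        "same_size_full_erase": audit(reflash(TAMPERED, VENDOR, True), VENDOR),
        "larger_image_no_erase": audit(reflash(TAMPERED, LARGER, False), LARGER),
    }

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, result)
```

A dump whose image region matches the vendor file can still carry non-blank bytes in the slack space, which is why the audit reports the two separately.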
-
March 6th, 2007, 11:24 AM
#6
Hmmm... if the overwrite came short of the virus or was the same size as before, I suspect you would still be ok as there would be no pointers to the virus to execute it and there would be some sort of "End of File" marker at the end of the valid code, once again stopping the virus running.
Like when you wreck LILO because Windows somehow clobbered the start of the partition, Linux is still there, but there's no pointer to it.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.