From: ~BD~ on 16 Jun 2010 09:23

----- Original Message -----
From: "FromTheRafters" <erratic(a)nomail.afraid.org>
Newsgroups: alt.comp.virus
Sent: Wednesday, June 16, 2010 12:56 PM
Subject: Re: BIOS infection - an item for discussion

> "~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in message
> news:hv9ucn$s0u$1(a)news.eternal-september.org...
>>
>> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
>> news:hv9871$17r$1(a)news.eternal-september.org...
>>> "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message
>>>> Or could the BIOS code be flashed via malware?
>>>
>>> Yes, that is the implication. CIH demonstrated this fact by
>>> corrupting the BIOS firmware of vulnerable motherboards.
>>>
>>> The possibility exists that something useful from an attacker's point
>>> of view can be done with this additional storage area. Any attack of
>>> this sort would be very hardware specific, and not too likely to
>>> become a mobile code malware problem.
>>
>> It seems to follow, then, that if malware *can* be stored in the BIOS
>> ROM chip,
>
> EEPROM chip.

<shrug> OK!

>> even if a hard disk is cleaned (or replaced by a new one) and the
>> operating system reloaded from scratch, the malware *could* be
>> resurrected - as if from the dead!
>
> No, whatever malware fragments there were in there would have to
> suffice on their own.

Again - OK. Perhaps *that* is feasible.

>> With the powerful machines available to just ordinary folk nowadays,
>> a user might never know that their machine was infected and/or
>> controlled by an outside agency.
>
> This is true, even without the whole BIOS patching vector.

I know. Most folk don't seem to want to acknowledge this though!

>> Impossible? Cybercrime is still escalating exponentially, in spite of
>> all the anti-virus/anti-malware programmes available nowadays. How?
>>
>> Food for more thought, IMO.
>>
>> As far as I know, there is no way a user can check what is contained
>> within/on the BIOS chip - so no way to know whether or not a machine
>> *has* actually been compromised! Might this warrant a new thread for
>> discussion? <wink>
>
> It is a block device that can be read from and written to.

I've read .............

Block devices
***********
Block special files or block devices correspond to devices through which the system moves data in the form of blocks. These device nodes often represent addressable devices such as hard disks, CD-ROM drives, or memory-regions.

Block devices often support random access and seeking, and generally use buffered input and output routines. The operating system allocates a data buffer to hold a single block each for input and output. When a program sends a request to read data from or to write data to the device, the system stores each character of that data in the appropriate buffer. When the buffer fills up, the appropriate operation takes place (data transfer) and the system clears the buffer.

Ref: http://en.wikipedia.org/wiki/Device_file

*** BUT ***

A *user* cannot see what the BIOS chip is programmed to do though ............. or can they?

--
Dave
BD - always willing to learn!
From: FromTheRafters on 16 Jun 2010 10:57

"~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message
news:hvaj7n$6li$1(a)news.eternal-september.org...

[...]

> A *user* cannot see what the BIOS chip is programmed to do though
> ............ or can they?

Yes, they can. They need to learn how to see it, and then they'll need to learn how to interpret what they see.

http://sites.google.com/site/pinczakko/pinczakko-s-guide-to-award-bios-reverse-engineering
From: Peter Foldes on 16 Jun 2010 11:48

You are paranoid and not all there

--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect

"~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message
news:hva048$a1s$1(a)news.eternal-september.org...
>
> "Peter Foldes" <maci252211(a)hotmail.com> wrote in message
> news:hv93ko$le8$1(a)speranza.aioe.org...
>>> In real life, my pal from IBM has said that he HAS seen this!
>>>
>>> Tell me again who the *we* is to which you allude.
>>>
>>> Why should I believe you - a cyber-adviser - as against a real life guru?
>>
>> If Your Guru friend claims that the Bios can be infected with a virus then I am
>> King of England. The Bios cannot get infected with a virus. Period
>
> I used the term 'virus' in the generic sense to mean MALWARE.
>
> Are you now going to dispute what FromTheRafters has said in this thread - that it
> *is* possible?
>
>> David stop beating a dead horse for the last 2 years and get it through that hard
>> head of yours that you are a cretin and an ignorant fool when it comes to
>> computers
>
> I'm very well aware that I know little about computers, Peter - that was why I
> first visited the Microsoft Communities five years ago, to learn.
>
> I had not expected to be told lies, something you have done consistently since we
> first met on the Annexcafe User2User newsgroup (a private server - not available
> to unregistered folk - start here: http://www.annexcafe.com/ ). It always seems to
> me that you are trying to hide something - what are you afraid of? Why did you
> follow me to this newsgroup? I came to alt.comp.virus for truthful answers! ;-)
>
> --
> Dave
>
From: Dustin Cook on 16 Jun 2010 12:29

"~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in
news:hv9ucn$s0u$1@news.eternal-september.org:

> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
> news:hv9871$17r$1(a)news.eternal-september.org...
>> "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message
>>> Or could the BIOS code be flashed via malware?
>>
>> Yes, that is the implication. CIH demonstrated this fact by corrupting
>> the BIOS firmware of vulnerable motherboards.
>>
>> The possibility exists that something useful from an attacker's point
>> of view can be done with this additional storage area. Any attack of
>> this sort would be very hardware specific, and not too likely to
>> become a mobile code malware problem.
>
> It seems to follow, then, that if malware *can* be stored in the BIOS
> ROM chip, even if a hard disk is cleaned (or replaced by a new one) and
> the operating system reloaded from scratch, the malware *could* be
> resurrected - as if from the dead!

Not ROM, EEPROM. A ROM chip can't be written to. It's a one burn, one life deal. EEPROM is what you're thinking of. Unfortunately, the malware in question would be very hardware specific. One BIOS doesn't fit all.

> With the powerful machines available to just ordinary folk nowadays, a
> user might never know that their machine was infected and/or controlled
> by an outside agency.

That's possible and already occurs on a daily basis without the need to alter the system BIOS.

> As far as I know, there is no way a user can check what is contained
> within/on the BIOS chip - so no way to know whether or not a machine
> *has* actually been compromised! Might this warrant a new thread for
> discussion? <wink>

A user could dump his/her BIOS to a file and have a looksee inside. The BIOS isn't exactly sealed up tight like Fort Knox or anything. Everything on PC is open architecture, a reverse engineering person's delight!

--
A fanatic is one who can't change his mind and won't change the subject
-Winston Churchill
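An added example, not part of the thread: a BIOS dump of the kind mentioned in the post above can be compared against a known-good image of the same firmware version. The Python below reports which byte ranges differ and whether they fall outside the areas that normally change. The sample images and the `EXPECTED_REGIONS` table are constructed for illustration; real flash layouts are board specific.

```python
import hashlib

# Hypothetical layout: offsets where stored settings legitimately change.
EXPECTED_REGIONS = [(0x000, 0x200)]

def sha256_hex(image: bytes) -> str:
    """Fingerprint of a whole image, for a quick equal/not-equal check."""
    return hashlib.sha256(image).hexdigest()

def diff_ranges(reference: bytes, dump: bytes, gap: int = 16):
    """Return (start, end) ranges, end exclusive, where dump != reference.
    Differences closer than `gap` bytes are merged into one range."""
    if len(reference) != len(dump):
        raise ValueError("image sizes differ; not the same flash part or version")
    ranges = []
    for off, (a, b) in enumerate(zip(reference, dump)):
        if a == b:
            continue
        if ranges and off - ranges[-1][1] <= gap:
            ranges[-1][1] = off + 1          # extend the current range
        else:
            ranges.append([off, off + 1])    # start a new range
    return [tuple(r) for r in ranges]

def classify(ranges, expected_regions):
    """Split ranges into those fully inside an expected region and the rest."""
    expected, unexpected = [], []
    for start, end in ranges:
        inside = any(lo <= start and end <= hi for lo, hi in expected_regions)
        (expected if inside else unexpected).append((start, end))
    return expected, unexpected

def build_sample():
    """Constructed 4 KiB 'reference' and 'dump' images (not real firmware)."""
    reference = bytearray((i * 7) & 0xFF for i in range(4096))
    dump = bytearray(reference)
    dump[0x100:0x104] = b"\xAA\xBB\xCC\xDD"  # change inside the settings area
    dump[0xF00:0xF08] = b"\x90" * 8          # change outside it
    return bytes(reference), bytes(dump)

if __name__ == "__main__":
    ref, dump = build_sample()
    print("reference", sha256_hex(ref))
    print("dump     ", sha256_hex(dump))
    expected, unexpected = classify(diff_ranges(ref, dump), EXPECTED_REGIONS)
    for start, end in expected:
        print(f"expected change   0x{start:05X}-0x{end - 1:05X}")
    for start, end in unexpected:
        print(f"UNEXPECTED change 0x{start:05X}-0x{end - 1:05X}")
```
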
From: ~BD~ on 16 Jun 2010 12:58

"Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message
news:Xns9D98C366A34D2HHI2948AJD832(a)69.16.185.247...
>
> Corrupted; actually. Infected, highly unlikely.

But possible? ;-)

Dave

- Sometimes man stumbles over the truth...... Sir Winston Churchill