Jump to content
Sign in to follow this  
Anakin_hollan

Proof of Concept virus to attack AMD processors

Recommended Posts

There has been a Chernobyl virus-revival spotted by Symantec. Some quotes:

 

"If I can get to the processor level, potentially I can really start tying myself into the core hardware. I can potentially evade some of the kernel protection and user protection. There is an attraction to virus writers to get to the lowest level possible," Weafer told vnunet.com.

 

"Once it runs, I've got pretty low level access to that system and I could do pretty well anything that I would want to do."

 

But there is a big down side because different processors speak what essentially could be seen as different Operating Code (opcode) languages.

 

"Typically, going down to the opcode level in not effective, because there are too many variants out there and you end up working on not too many machines, " said Weafer.

 

The w32.bounds and w64.bounds viruses infect systems by tying themselves to Windows executable files, which disqualifies them as so-called chip level threats. They do however employ elements of such attacks by showing an ability to executive chip level assembly code.

 

Saying as much as been able to flash the BIOS-chip... :mad:

 

Source: http://www.vnunet.com/articles/print/2163054

 

Keep your AV updated!! ;)

 

Anakin

Share this post


Link to post
Share on other sites
Guest SuppA-SnipA

holy shamoly :O

*updating BitDefender 9 Internet Security

Share this post


Link to post
Share on other sites

Here's some more info: http://www.virusalert.info/?p=virus&id=1668

 

Took the time to look up some major vendors:

 

Symantec is Cleared august 10th: http://www.symantec.com/security_response/...-080913-5115-99

McAfee: Can't find anything using Google, nor at McAfee's own site. Not even on their support forum. Maybe using different identification?

NOD32: Not found either.

TrendMicro: Same

Kaspersky: Same

Panda: Same

AVG: Same

BitDefender: Same

 

So, as it seems, only Symantec has this base covered? This could be due to the fact that it's just a Proof of concept, but still...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...