BIOS infection - an item for discussion
in [Viruses]
|
From: ~BD~ on 16 Jun 2010 13:00 "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message news:hvaoof$e2s$1(a)news.eternal-september.org... > "~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message > news:hvaj7n$6li$1(a)news.eternal-september.org... > > [...] > >> A *user* cannot see what the BIOS chip is programmed to do though >> ............ or can they? > > Yes, they can. They need to learn how to see it, and then they'll need > to learn how to interpret what they see. > > http://sites.google.com/site/pinczakko/pinczakko-s-guide-to-award-bios-reverse-engineering Thanks ........ but that's just *too* deep when I'm actually boating! ;-) -- Dave
From: ~BD~ on 16 Jun 2010 12:55 "Dustin Cook" <bughunter.dustin(a)gmail.com> wrote in message news:Xns9D997F3DC5550HHI2948AJD832(a)69.16.185.247... > "~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in news:hv9ucn$s0u$1 > @news.eternal-september.org: > >> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message >> news:hv9871$17r$1(a)news.eternal-september.org... >>> "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote in message >>>> Or could the BIOS code be flashed via malware? >>> >>> Yes, that is the implication. CIH demonstrated this fact by >>> corrupting >>> the BIOS firmware of vulnerable motherboards. >>> >>> The possibility exists that something useful from an attackers point >>> of view can be done with this additional storage area. Any attack of >>> this sort would be very hardware specific, and not too likely to >>> become a mobile code malware problem. >> >> It seems to follow, then, that if malware *can* be stored in the BIOS >> ROM chip, even if a hard disk is cleaned (or replaced by a new one) >> and >> the operating system reloaded from scratch, the malware *could* be >> resurrected - as if from the dead! > > Not Rom, EEPROM. A ROM CHIP can't be written too. It's a one burn, one > life deal. EEPROM is what your thinking of. You are correct - sorry! > Unfortunatly, the malware in question would be very hardware specific. > One BIOS doesn't fit all. I appreciate that. Mine was MSI >> With the powerful machines available to just ordinary folk nowadays, >> a >> user might never know that their machine was infected and/or >> controlled >> by an outside agency. > > That's possible and already occurs on a daily basis without the need > to > alter the system BIOS. Agreed! :) >> As far as I know, there is no way a user can check what is contained >> within/on the BIOS chip - so no way to know whether or not a machine >> *has* actually been compromised! Might this warrant a new thread for >> discussion? <wink> > > A user could dump his/her BIOS to a file and have a looksee inside. > The > BIOS isn't exactly sealed up tight like fort knox or anything. > Everything > on PC is open architecture, a reverse engineering persons delight! I've read here: http://sites.google.com/site/pinczakko/pinczakko-s-guide-to-award-bios-reverse-engineering Could you help me understand how to " dump my BIOS to a file and have a looksee inside"? -- Dave
From: FromTheRafters on 16 Jun 2010 14:14 "~BD~" <BoaterDave.(a)hotmail.co.uk> wrote in message news:hvb0ve$68t$1(a)news.eternal-september.org... > Could you help me understand how to " dump my BIOS to a file and have > a looksee inside"? From the article that you cut&pasted from, see the section: ---[3.2.1 - Dumping the real BIOS firmware ....don't you even read the stuff you post? :o)
From: CiderScratter on 16 Jun 2010 16:37 On Tue, 15 Jun 2010 17:50:37 -0600, "gufus" <stop.nospam.gbbsg(a)shaw.ca> wrote: >Hello, David! > >You wrote on Tue, 15 Jun 2010 19:41:56 -0400: > > FL>> Or something to pickup the oil.. (DARN BP) > DHL> > DHL> Boycott the BP phuckers ! > >Defiantly /BAD/ news hu.. AGREED! Boycott BP Greed for oil. BP was just providing a service that was demanded. You keep pushing the boundaries and mistakes will be made. Maybe there was some incompetence by the crew on the rig but the real problem was greed and not BP. I for one will only buy BP from now on.
From: "FromTheRafters" erratic on 16 Jun 2010 16:47
"CiderScratter" <cider-scratter(a)hotmail.invalid> wrote in message news:73di16948q6nujq521n2cskmocni5bi9g8(a)4ax.com... > On Tue, 15 Jun 2010 17:50:37 -0600, "gufus" <stop.nospam.gbbsg(a)shaw.ca> > wrote: > >>Hello, David! >> >>You wrote on Tue, 15 Jun 2010 19:41:56 -0400: >> >> FL>> Or something to pickup the oil.. (DARN BP) >> DHL> >> DHL> Boycott the BP phuckers ! >> >>Defiantly /BAD/ news hu.. AGREED! Boycott BP > > Greed for oil. > BP was just providing a service that was demanded. > You keep pushing the boundaries and mistakes will be made. > Maybe there was some incompetence by the crew on the rig but the real > problem was greed and not BP. > I for one will only buy BP from now on. It's not really a good idea to put economic stress on the rest of the gulf coast residents by messing with their oil related jobs. One disaster at a time please. |