 x539
join:2003-08-23 Oklahoma City, OK
| reply to kpatz Re: A super trojan?
quote: Do video cards have flash BIOSes? I always thought whatever firmware they ran was loaded by the video driver when Windows boots up. At least I've never heard of flashing a video card, but I suppose some cards do have this.
Another reason would be to flash a PC video card with the correct ROM needed for it to work in a Mac. I did this a few years ago on an ATi card. |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| said by x539 : quote: Do video cards have flash BIOSes? I always thought whatever firmware they ran was loaded by the video driver when Windows boots up. At least I've never heard of flashing a video card, but I suppose some cards do have this.
Another reason would be to flash a PC video card with the correct ROM needed for it to work in a Mac. I did this a few years ago on an ATi card.
I remember seeing that posted. I understand there's not a lot of diff between the BIOS on the cards. Was right after Macs started using pin-compatible AGP cards. -- new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php |
|
 x539
join:2003-08-23 Oklahoma City, OK
| quote: I remember seeing that posted. I understand there's not a lot of diff between the BIOS on the cards. Was right after Macs started using pin-compatible AGP cards.
If you mean the difference between the BIOS on a Mac card and on a PC card, it's a difference between working and not working ;-P. Basically the Mac ROMs contain the necessary low-level drivers for Open Firmware to recognize the card.
If you mean the difference between the BIOS on one Mac card and another similar card by the same manufacturer, that's the whole point of the exercise. Basically at the time that this was more common there was not a lot of choice in the Mac video card market. Not very many cards were available in a Mac version, and most of them were significantly more expensive than their PC counterparts. Apple supported and shipped certain cards in their machines. The ROMs included on those cards could be extracted and flashed onto the same or similar PC versions of the cards, giving the person who wanted to upgrade their Mac more choice and cheaper options (albeit at a greater risk). I don't know whether people still do this or not. There are more cards available in Mac versions these days, so I've seen no compelling reason to do so myself since then. |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to zmaugy Ouch
This whole topic makes me feel like I need to put my aluminium foil hat on...
Yes, it's true viruses can be basically anywhere... But if someone can create a virus that reflashes most popular BIOS/video card/HDD memory and then starts infecting the rest of the computer, we are in trouble. Seriously, we are in biiiig trouble.
The virus could also create "payload" to the hdd in the last sectors of the hdd, and then call upon it when booted/started up. This way, even formatting the whole hdd would not make any difference, since the payload is still in the hdd at specific sector of it. The only way to cure this kind of infection would be to, at the same time, flash all the flashable components on the computer and then overwrite the hdd with a tool like DBAN. Of course, currently, there aren't any tools for that.
Consider the doomsday scenario too. Consider that this kind of virus would start infecting other computers. Then, at one particular time or when some particular piece of code would be read by it (just a simple word or graphic in the case of an infected graphics card), it would activate. Upon activating, it would overwrite all the BIOS it can find and the file allocation tables of the hdd. Basically speaking, you would have to dump your computer with your garbage. Now, if millions of people would have to do that...  -- My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| said by jansson_mark : This whole topic makes me feel like I need to put my aluminium foil hat on...
Yes, it's true viruses can be basically anywhere... But if someone can create a virus that reflashes most popular BIOS/video card/HDD memory and then starts infecting the rest of the computer, we are in trouble. Seriously, we are in biiiig trouble.
The virus could also create "payload" to the hdd in the last sectors of the hdd, and then call upon it when booted/started up. This way, even formatting the whole hdd would not make any difference, since the payload is still in the hdd at specific sector of it. The only way to cure this kind of infection would be to, at the same time, flash all the flashable components on the computer and then overwrite the hdd with a tool like DBAN. Of course, currently, there aren't any tools for that.
Consider the doomsday scenario too. Consider that this kind of virus would start infecting other computers. Then, at one particular time or when some particular piece of code would be read by it (just a simple word or graphic in the case of an infected graphics card), it would activate. Upon activating, it would overwrite all the BIOS it can find and the file allocation tables of the hdd. Basically speaking, you would have to dump your computer with your garbage. Now, if millions of people would have to do that...
Memory is not infectable, nor is the CPU. Only hardware with a BIOS. Some HDs and CD/DVD-ROMs, all motherboards, a lot of video cards and older programmable keyboards. I forgot about printers. I've not yet seen a router be infected, but if someone does make one that does then we are truly screwed. ISP router gets infected, viri goes out with ARP traffic and infects any PC not blocking ARP. Far-fetched, sure, but possible. -- new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php |
|
  MadMorbius Premium join:2004-04-07 Mississauga, ON | You can format a disk to your heart's content and a boot-sector bug will still come up.
I don't buy it. |
|
 TheWiseGuy Dog And Butterfly Premium,MVM join:2002-07-04 Yonkers, NY
| reply to zmaugy Re: A super trojan?
said by zmaugy : I'm no computer expert, but the thing is that also my computer is calling that IP 239.255.255.250:1900
Not weird at all, 239.255.255.250 is UPnP and is normal, unless you turn it off and turn off the SSDP discovery service, and that still might not stop it if the Windows Messenger service is using the SSDP discovery process.
»support.microsoft.com/default.as···;q317843 »grc.com/unpnp/unpnp.htm »www.updatexp.com/upnp_security.html »www.winguides.com/registry/display.php/1235/
said by kpatz : The "ramdisk" BIOS is a misnomer, and the CMOS is too small to contain any useful executable code. Most anything that overwrites a flash BIOS would render the machine unbootable, unless they created trojan code that is customized for every motherboard/BIOS combination out there (a daunting task to say the least). Even if it could be done, I doubt there'd be enough free space in the BIOS EEPROM to embed a boot image and "ISOs" as they so elegantly put it.
I think it's either a hoax, or someone who did get a trojan and is blowing the details way out of proportion. For example, if he reformatted and got infected again, perhaps it came in through a vulnerable service (hint, use a firewall).
Makes sense to me. -- Dog and Butterfly |
|
 kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| reply to novaflare Re: Ouch
said by novaflare : Memory is not infectable, nor is the CPU. Only hardware with a BIOS. Some HDs and CD/DVD-ROMs, all motherboards, a lot of video cards and older programmable keyboards. I forgot about printers. I've not yet seen a router be infected, but if someone does make one that does then we are truly screwed. ISP router gets infected, viri goes out with ARP traffic and infects any PC not blocking ARP. Far-fetched, sure, but possible.
Memory is only infectable while the PC is on. For the virus to persist across a power-cycle it has to reside somewhere non-volatile, either on a disk, or in flash memory somewhere.
The other criterion for a virus to survive is that it has to be executed somehow. The doomsday "ARP traffic virus" or "printer virus" scenario would require the ability for ARP traffic (or the printer) to carry executable code that is then executed by the targeted system. Normally this won't happen, unless there is a vulnerability (buffer overflow perhaps) in the target system that allows this to happen. Even if I reflashed the firmware on my DVD-ROM (for example) with a virus, unless something reads that firmware back into the PC and executes it, the virus won't spread beyond the DVD-ROM drive.
Also, if malware code hides in the last (or any) sectors of the HDD, something still has to read that code into memory, and then execute it. To do so would require either a BIOS reflash or a modification of the MBR, boot record or other executable code within the OS.
MBR and boot viruses can survive formats, if the format doesn't wipe or rebuild the MBR or boot record. A utility like Delpart, or FDISK /MBR, followed by a format should eliminate any boot virus, provided it isn't resident in memory at the time of the format. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
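An added example, not part of the thread: a defender-side sketch of kpatz's point that a format leaves the MBR boot code in place, while rewriting the boot code (as he describes for FDISK /MBR) restores it. The in-memory disk image, the boot-code byte strings and all function names are constructed for illustration, and the format and rewrite functions are simplified models, not the real tools.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446    # bytes 0..445 of sector 0 hold the boot code
PART_TABLE_OFF = 446   # four 16-byte partition entries follow
SIG_OFF = 510          # boot signature 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Hash the boot code and decode the partition table of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "valid_signature": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa"}


def build_disk(boot_code: bytes, total_sectors: int = 64) -> bytearray:
    """Constructed disk: MBR in sector 0, one FAT16 partition from LBA 1."""
    disk = bytearray(SECTOR * total_sectors)
    disk[:len(boot_code)] = boot_code
    disk[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\0\0\0", 0x06, b"\0\0\0", 1, total_sectors - 1)
    disk[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return disk


def format_partition(disk: bytearray) -> None:
    """Model of a format: rewrites sectors inside the partition, never sector 0."""
    p = parse_mbr(bytes(disk[:SECTOR]))["partitions"][0]
    start, length = p["lba_start"] * SECTOR, p["sectors"] * SECTOR
    disk[start:start + length] = bytes(length)


def rewrite_boot_code(disk: bytearray, clean: bytes) -> None:
    """Model of an MBR rewrite: replaces bytes 0..445, keeps the partition table."""
    disk[:BOOT_CODE_LEN] = clean.ljust(BOOT_CODE_LEN, b"\0")


def boot_code_matches(disk: bytearray, baseline_sha256: str) -> bool:
    """Integrity check: compare sector 0 boot code against a known-good hash."""
    return parse_mbr(bytes(disk[:SECTOR]))["boot_code_sha256"] == baseline_sha256
```

Comparing against a baseline hash only tells you the boot code changed; the hash has to be taken from known-good media, not from the machine being checked.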
  j823777
@bulldogdsl.com | reply to zmaugy Re: A super trojan?
239.255.255.250 port 1900 is the Simple Service Discovery Protocol (SSDP) using multicast to locate a gateway. Perfectly normal, nothing to worry about. |
|
  novaflare The Dragon Was Here Premium join:2002-01-24 Barberton, OH
| reply to kpatz Re: Ouch
said by kpatz : said by novaflare : Memory is not infectable, nor is the CPU. Only hardware with a BIOS. Some HDs and CD/DVD-ROMs, all motherboards, a lot of video cards and older programmable keyboards. I forgot about printers. I've not yet seen a router be infected, but if someone does make one that does then we are truly screwed. ISP router gets infected, viri goes out with ARP traffic and infects any PC not blocking ARP. Far-fetched, sure, but possible.
Memory is only infectable while the PC is on. For the virus to persist across a power-cycle it has to reside somewhere non-volatile, either on a disk, or in flash memory somewhere.
The other criterion for a virus to survive is that it has to be executed somehow. The doomsday "ARP traffic virus" or "printer virus" scenario would require the ability for ARP traffic (or the printer) to carry executable code that is then executed by the targeted system. Normally this won't happen, unless there is a vulnerability (buffer overflow perhaps) in the target system that allows this to happen. Even if I reflashed the firmware on my DVD-ROM (for example) with a virus, unless something reads that firmware back into the PC and executes it, the virus won't spread beyond the DVD-ROM drive.
Also, if malware code hides in the last (or any) sectors of the HDD, something still has to read that code into memory, and then execute it. To do so would require either a BIOS reflash or a modification of the MBR, boot record or other executable code within the OS.
MBR and boot viruses can survive formats, if the format doesn't wipe or rebuild the MBR or boot record. A utility like Delpart, or FDISK /MBR, followed by a format should eliminate any boot virus, provided it isn't resident in memory at the time of the format.
Well, I can assure you it's very possible, at least with old-style keyboards with programmable function keys. What you're assuming is the virus wants to execute on keypress or access; all it wants to do is get somewhere it can be executed. I wish I still had that keyboard; I'd get at the virus on it somehow and figure out what makes it work. But my idiot brother decided he could get a quick buck out of it, stole it and sold it to someone. Even though I had a big red "do not touch this keyboard it is infected with a virus" written across the top. Anyhow, I'm not sure where it copied itself to, but once you hit an F13 - F24 function key you were done; next reboot or relogin to Windows you were reinfected. My guess is it overwrote some on-boot-only exe, something it could overwrite on Win 95/98 that would start up temp during boot-up, at which time the virus spread and wiped out system files till it could no longer do so. By that time the computer was rendered unbootable and Windows would die mid-boot. -- new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php |
|
  SigmaSix
join:2002-03-12
1 edit | reply to zmaugy Re: A super trojan?
This is like the past posts we have seen of a "super hacker" or "super virus", I can't believe some of the stuff that is written.  -- In GOD I trust, everyone else bring data. |
|