
List:       dailydave
Subject:    Re: Re[2]: [Dailydave] Microsoft Says Recovery from Malware Becoming
From:       "val smith" <mvalsmith () gmail ! com>
Date:       2006-04-27 19:27:36
Message-ID: f60c0c200604271227q7e73ea6tf553ae4df0cc7bce () mail ! gmail ! com

Maybe check out http://www.rootkit.com and look for

MTDWin - A driver that will identify writable memory chips / FlashRAM /
EEPROM on the motherboard.
description

VideoCardKit - A driver that can store executable code in a FLASH or EEPROM
and submit this code to be executed from the video processor in order to
patch kernel memory.

Those look kind of like PoCs to me, although I haven't seen the code yet.

V.

On 4/27/06, Thierry Zoller <Thierry@zoller.lu> wrote:
>
> Dear Dinis Cruz,
>
> DC> What about malware placed the computer's hardware?
> Bios is not hardware, how can you "place malware" on a cpu ?
>
> Where is your PoC?
>
> DC> A rebuild will not eliminate these.
> They'd need to exist first. Do they? I'd be interested.
>
>
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7
>
>
