[prev in list] [next in list] [prev in thread] [next in thread]
List: dailydave
Subject: Re: Re[2]: [Dailydave] Microsoft Says Recovery from Malware Becoming
From: "val smith" <mvalsmith () gmail ! com>
Date: 2006-04-27 19:27:36
Message-ID: f60c0c200604271227q7e73ea6tf553ae4df0cc7bce () mail ! gmail ! com
[Download RAW message or body]
Maybe check out http://www.rootkit.com and look for
MTDWin - A driver that will identify writable memory chips / FlashRAM /
EEPROM on the motherboard.
description
VideoCardKit - A driver that can store executable code in a FLASH or EEPROM
and submit this code to be executed from the video processor in order to
patch kernel memory.
Those look kind of like PoC's to me although i havent see the code yet.
V.
On 4/27/06, Thierry Zoller <Thierry@zoller.lu> wrote:
>
> Dear Dinis Cruz,
>
> DC> What about malware placed the computer's hardware?
> Bios is not hardware, how can you "place malware" on a cpu ?
>
> Where is your PoC?
>
> DC> A rebuild will not eliminate these.
> They'd need to exist first. Do they? I'd be interested.
>
>
>
> --
> http://secdev.zoller.lu
> Thierry Zoller
> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
>
>
[Attachment #3 (text/html)]
Maybe check out <a href="http://www.rootkit.com">http://www.rootkit.com</a> and look \
for<br><br>MTDWin - A driver that will identify writable memory chips / FlashRAM / \
EEPROM on the motherboard.<br>description <br><br>VideoCardKit - A driver that can \
store executable code in a FLASH or EEPROM and submit this code to be executed from \
the video processor in order to patch kernel memory. <br><br>Those look kind of like \
PoC's to me although i havent see the code yet.<br><br>V.<br><br><div><span \
class="gmail_quote">On 4/27/06, <b class="gmail_sendername">Thierry Zoller</b> <<a \
href="mailto:Thierry@zoller.lu"> Thierry@zoller.lu</a>> wrote:</span><blockquote \
class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt \
0pt 0.8ex; padding-left: 1ex;">Dear Dinis Cruz,<br><br>DC> What about malware \
placed the computer's hardware? <br>Bios is not hardware, how can you "place \
malware" on a cpu ?<br><br>Where is your PoC?<br><br>DC> A rebuild will not \
eliminate these.<br>They'd need to exist first. Do they? I'd be \
interested.<br><br><br> <br>--<br><a \
href="http://secdev.zoller.lu">http://secdev.zoller.lu</a><br>Thierry \
Zoller<br>Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 \
F1C7<br><br></blockquote></div><br>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic