Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Running On Graphics Cards

Posted by CmdrTaco on from the freeing-up-the-cpu dept.

An anonymous reader writes "Given the great potential of general-purpose computing on graphics processors, it is only natural to expect that malware authors will attempt to tap the powerful features of modern GPUs to their benefit. In this paper, the authors demonstrate the feasibility of implementing a malware that can utilize the GPU (PDF) to evade virus scanning applications. Moreover, the authors discuss the potential of more sophisticated attacks, like accessing the screen pixels periodically to harvest private data displayed on the user screen, or to trick the the user by displaying false, benign-looking information when visiting rogue web sites (e.g., overwriting suspicious URLs with benign-looking ones in the browser's address bar)."

7 of 103 comments (clear)

  1. I guess it already happened to me by Yvan256 · · Score: 5, Funny

    It says slashdot.org in my URL bar but since the last few months the comments of users appear to be from digg.

  2. I am pleased by Reilaos · · Score: 5, Funny

    With this technology, new, more sophisticated Rickrolling is now possible.

  3. I will show them... by halfEvilTech · · Score: 5, Interesting

    "Moreover, the authors discuss the potential of more sophisticated attacks, like accessing the screen pixels periodically and harvest private data displayed on the user screen"

    I guess we just change all fields to mask the entries with **** or if we want to really fool them use dots.

  4. Hehe, what goes around comes around by arivanov · · Score: 4, Interesting

    I used to run a small computer repair and write-to-order software shop for a living while in the Uni with two more people. One of them had that idea around 1994. In those days it was just to store the code in the video RAM pages which are not directly accessible to a scanner and keep a small polymorphic backstrap routine in main memory.

    What goes around comes around. Looks like this is using a similar approach. Even if you compute some stuff on the card you still need a bootstrap within the main system to use it and talk back to the "mothership".

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  5. Popups 2.0 by BradleyUffner · · Score: 4, Interesting

    This should make for some wonderful new kinds of pop up ads that can't be dismissed or in any way taken out of focus.

  6. Driver problem by TheRaven64 · · Score: 4, Interesting

    Modern GPUs include memory protection, so different processes can be prevented from reading each others' VRAM, just as they can be prevented from running each others' RAM. This is not always used by the drivers, which may just map the entire physical VRAM into the GPU's virtual address space. With properly written drivers, this is much harder.

    The big malware potential comes from WebGL. This allows you to run arbitrary GLSL code in the browser's (GPU) address space. Although you probably can't take over the entire display, you can potentially take over the entire browser window without permission. Hopefully, the driver will give you entirely separate GPU address spaces per GL context, but given how incompetent AMD and nVidia's driver teams have demonstrated themselves to be, I doubt it.

    --
    I am TheRaven on Soylent News
  7. Re:Government researchers? by blair1q · · Score: 4, Insightful

    Before you can build a wall, you have to imagine someone walking over the imaginary line at the edge of your yard.

    Or you can figure out that a wall would have been useful after they come into your yard, but then it's too late.

    See, most taxpayers understand that we pay taxes to prevent the crime, we don't wait until it happens and then rail that the government isn't doing anything about it.