Slashdot Mirror


Malware Now Hiding In Graphics Cards

mask.of.sanity writes "Researchers are closing in on a means to detect previously undetectable stealthy malware that resides in peripherals like graphics and network cards. The malware was developed by the same researchers and targeted host runtime memory using direct memory access provided to hardware devices. They said the malware was a 'highly critical threat to system security and integrity' and could not be detected by any operating system."

6 of 125 comments

  1. Seriously? Did no one see this coming? by erroneus · Score: 5, Insightful

    This ridiculous push to offload every type of programming into GPUs including bitcoin mining and no one saw this possibility? (Sarcasm, I know people saw the possibility.)

    Measures could have been taken... but then again, what better way for the NSA and other government spies to infiltrate a computer independent of an operating system than this? Seriously. It'll work on Mac, Windows and Linux with or without proprietary drivers.

  2. Cook out the bugs by SpaceManFlip · Score: 5, Funny

    No worries, the malware will all get cooked out while I'm overclocking the GPU. Frequently I get driver crashes while it's OC'd, and sometimes the DX11 game will dump out completely, and other times it even causes artifacts in the game while I'm cooking it up over 85 C.

    So yeah, not too worried about the malware. Fever immunity FTW

  3. Re:Well... by slashmydots · Score: 5, Funny

    You're right. Some of the crappier manufacturers' card firmware flashes basically are malicious attacks on the card that shut them down instantly, lol.

  4. create your own payloads by Anonymous Coward · Score: 5, Interesting

    network cards can create magical endpoints from thin air without having to send or receive any packets

    or they can look for a specific pattern in a packet and ship its contents to a preordained destination

    don't try to think about what they cannot do, think about what they can do, it's frightening

  5. Re:Well... by Anonymous Coward · Score: 5, Informative

    3 years ago I thought of this possibility, but everyone laughed and pointed at me in my local community. Guess who's laughing now.

    Everything old is new again;

        The Virus Writer's Handbook: The Complete Guide
        (c) 1992 Terminator Z (AKA Harry McBungus)
        http://vxheaven.org/lib/static/vdat/tumisc09.htm

        [...]

          6.4 Himem: above TOM

            (TOM stands for Top Of Memory if you didn't know)

            There are plenty of places in the high memory region for viruses to find
            a cosy hidey-hole, but most are not very safe. They exist in video
            memory, shadow RAM areas and so forth. Programs such as QEMM utilize
            such holes to load drivers and shit, but what's the point of devoting 1k
            of code to find a failsafe hole when you can hide somewhere else for
            less?

            Hiding in video ram is utterly stupid, but nevertheless some programmers
            insist on loading them there. Hmm, maybe they could hook int 10h (video)
            to intercept any calls to change modes and move themselves
            accordingly............... hmm that's actually not a bad idea. But
            where to move to? Why not stay somewhere else and save the bother?

            Also, remember that the majority of PCs in the world are (still) shitbox
            XT's -- they don't have RAM in areas which aren't used, unlike 286/386
            machines and above. You might as well try scratching your name into a
            diamond with a steel file.

            Don't bother with this method unless you're adventurous or stupid.

            Viruses which use this technique:
                            MG-3

        [...]

  6. Re:You were not alone by Smallpond · Score: 5, Informative

    The problem is that every card on a PCIe bus can be a master, has access to all of memory, has a processor of some kind, and has insecure firmware. Pick any popular card - network, storage or graphics - and you have a potential attack. Find a bug people are having and post a fix or a tool to fix it. There will always be some sucker who will download it and run it.
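
Added example, not part of the comment above or of the researchers' work: the bus-master capability that comment describes is visible to a defender as bit 2 of each PCI function's Command register, so it can be inventoried from config space. The sample headers, their vendor/device IDs and the helper names are constructed for illustration; the sysfs path assumes Linux.

```python
import struct
from pathlib import Path

# PCI base class codes for the card types the comment names.
CLASS_NAMES = {0x01: "storage", 0x02: "network", 0x03: "display"}
BUS_MASTER_ENABLE = 1 << 2  # Command register (offset 0x04), bit 2

def parse_header(cfg: bytes) -> dict:
    """Decode vendor, device, class and bus-master state from config space."""
    if len(cfg) < 16:
        raise ValueError("need at least 16 bytes of config space")
    vendor, device, command = struct.unpack_from("<HHH", cfg, 0)
    base_class = cfg[0x0B]
    return {"vendor": vendor, "device": device,
            "class": CLASS_NAMES.get(base_class, f"class 0x{base_class:02x}"),
            "bus_master": bool(command & BUS_MASTER_ENABLE)}

def audit(configs: dict) -> list:
    """Return (address, class) for every function allowed to initiate DMA."""
    found = []
    for addr, cfg in sorted(configs.items()):
        if cfg[:2] == b"\xff\xff":  # all-ones vendor ID: nothing in the slot
            continue
        info = parse_header(cfg)
        if info["bus_master"]:
            found.append((addr, info["class"]))
    return found

def read_sysfs(root="/sys/bus/pci/devices") -> dict:
    """Read live headers on Linux; returns {} where sysfs is absent."""
    base = Path(root)
    if not base.is_dir():
        return {}
    return {p.name: (p / "config").read_bytes()[:64] for p in base.iterdir()}

def _hdr(vendor, device, command, base_class):
    # Constructed header: IDs, command, status=0, rev/prog-if/subclass=0, class.
    return struct.pack("<HHHH", vendor, device, command, 0) + bytes([0, 0, 0, base_class]) + bytes(4)

SAMPLE = {  # constructed, not from a real machine; vendor/device IDs are made up
    "0000:01:00.0": _hdr(0x1234, 0x0001, 0x0007, 0x03),  # display, bit 2 set
    "0000:02:00.0": _hdr(0x1234, 0x0002, 0x0003, 0x02),  # network, bit 2 clear
    "0000:03:00.0": _hdr(0xFFFF, 0xFFFF, 0xFFFF, 0xFF),  # empty slot
}

if __name__ == "__main__":
    for addr, cls in audit(read_sysfs() or SAMPLE):
        print(f"{addr} {cls}: bus mastering enabled")
```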