Slashdot Mirror


GPU Malware Can Also Affect Windows PCs, Possibly Macs

itwbennett writes: A team of anonymous developers who recently created a Linux rootkit that runs on graphics cards has released a new proof-of-concept malware program that does the same on Windows. A Mac OS X implementation is also in the works. The problem the developers are trying to highlight lies not with the operating systems, such as Windows or Linux, nor with the GPU (graphics processor unit) vendors, but rather with existing security tools, which aren't designed to scan the random access memory used by GPUs for malware code.

3 of 49 comments

  1. Load of overhyped bullshit. by Anonymous Coward · Score: 5, Informative

    The Linux rootkit doesn't "run on GPUs".
    It allocates a buffer on the GPU and then stores strings in that buffer.
    So they've demonstrated that ... you can store data in RAM.
    Whoop-dee-fucking-doo.

  2. Re:using the OpenCL APIs is *noisy* by Anonymous Coward · Score: 5, Insightful

    They go that way because it's there, obviously. Malware writers find the blind spot, and that is a blind spot.

    If the malware writers don't find that, then the NSA hackers will. Remember the hard disk flash is used by that NSA malware, not the hard disk? That may in turn have had help from the hard disk vendors, by providing the NSA with the code for their hard disks:

    http://www.stuff.co.nz/technology/digital-living/66279485/NSA-hiding-Equation-spy-program-on-hard-drives

    Or that the NSA phone spyware that installs/runs itself in the modem chip of the mobile phone, not the computer of the mobile phone. That is easier because there are fewer modem makers than mobile phone makers, Qualcomm LTE being common among many handsets.

    Or that spyware that runs inside the USB driver flash chip not the computer?

    If you don't notice the activity on your CPU why would you notice it on your GPU?

  3. Sigh. by ledow · Score: 4, Informative

    1) It's misleading. The code is not executing on the GPU, it's just stored there.

    2) It's obvious. If you're just storing code as data, it doesn't matter what OS you use to do that.

    3) It's blatant pandering to media. Two stories (at least) on this, no extra content besides the bleeding obvious.

    4) It's a symptom of stupidity. If your only safety comes from being able to scan RAM or storage devices and find a "signature" amongst them of a known virus, you're an idiot. It's a stupid, pointless waste of time and computing resources. That there's an area of RAM available that DOESN'T have live protection built into existing antivirus is not shocking at all. Hell, you could store string stuff in the TPM chip, or in the HPA of a hard drive, or in an onboard EEPROM, or anywhere else that antivirus can't scan. They'll be unable to "certify" it as safe (as if they could anyway!) and will have to rely on somehow spotting the loader program before execution, no matter what variant of it is used or how the actual data payload is encrypted. (Hint: They can't. Antivirus is exclusively "after the horse has bolted" security.)

    5) Really, Slashdot?