Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM"
From: Art (null_at_zilch.com)
Date: 09/20/05
- Next message: Hootowl: "Re: ACOUSTIC SNOOPING ON TYPED INFORMATION"
- Previous message: Unruh: "Re: Extremely odd thing with Giganews DMCA?"
- In reply to: David H. Lipman: "Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Next in thread: Imhotep: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: Imhotep: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: David H. Lipman: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 20 Sep 2005 00:40:50 GMT
On Mon, 19 Sep 2005 23:58:01 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:
>http://research.microsoft.com/rootkit/
>
>States the following...
>"Note: there will be some false positives. Also, this does not detect stealth software that
>hides in BIOS, Video card EEPROM, disk bad sectors, Alternate Data Streams, etc. "
>
>We have discussed the possibility of infecting a BIOS over and over and the consensus has
>been that is not possible.
I thought the consensus was that no known malware infects the BIOS.
>Based upon my studying both viruses and hardware I can't see how
>it is possible.
Why? You can download BIOS updates and reflash.
>Yet the above Microsoft web site on a RootKit Detector indicates
>"...stealth software that hides in BIOS, Video card EEPROM".
Maybe they've seen POCs. There probably are BIOS reflashing
malwares that simply haven't surfaced.
Art
- Next message: Hootowl: "Re: ACOUSTIC SNOOPING ON TYPED INFORMATION"
- Previous message: Unruh: "Re: Extremely odd thing with Giganews DMCA?"
- In reply to: David H. Lipman: "Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Next in thread: Imhotep: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: Imhotep: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Reply: David H. Lipman: "Re: Microsoft Research: Strider GhostBuster Rootkit Detection and "...stealth software that hides in BIOS, Video card EEPROM""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
