Processors vulnerable to viruses

Researchers at Symantec have discovered a new proof of concept virus that targets processors rather than operating systems.

The worm comes in two versions, targeting 32-bit and 64-bit processors from AMD. Symantec refers to the online pests as w32.bounds and w64.bounds. Because it involves proof of concept code, both viruses are rated as low level threats.

W32.Bounds is a proof of concept polymorphic entrypoint-obscuring infector of Windows executable files.

Protection
Virus Definitions (LiveUpdate™ Daily): August 10, 2006
Virus Definitions (LiveUpdate™ Weekly): August 16, 2006
Virus Definitions (Intelligent Updater): August 10, 2006
Virus Definitions (LiveUpdate™ Plus): August 10, 2006

Threat Assessment

Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage
Damage Level: Low
Modifies Files: Infects executable files.

Distribution
Distribution Level: Low

Symantec found the code in an online meeting place for virus writers, such as underground websites and IRC chat channels.

The w32.bounds and w64.bounds viruses infect systems by tying themselves to Windows executable files, which disqualifies them as so-called chip level threats. They do, however, employ elements of such attacks by showing an ability to execute chip level assembly code.

The logical next step would therefore be to combine the 32-bit and 64-bit versions of the malware to create a single virus that can target both chip families. Weafer added that this is easier to do for AMD processors than for 32- and 64-bit Intel chips because the two AMD families are more similar than the Intel ones.

The last large scale outbreak of a chip level threat dates back to 1998. The CIH/Chernobyl virus then embedded itself into the flash BIOS of several million computers and, on the 13th anniversary of the nuclear disaster in the city, destroyed all data. Chernobyl originated in South Korea, where it was estimated to cause US$250m in damages.

“The author’s intent is really proof of concept, to show that his virus can work and be difficult to detect across multiple processor families. He’s showing his technical competence. But you would not use this technique if you wanted to get a pandemic. You would not use this technique unless it was for a very targeted attack or an academic attack.”
