New Virus Can Attack AMD Processors

New virus attacks AMD processors

Proof of concept code shows advanced attack vector



Tom Sanders in California, vnunet.com, 28 Aug 2006

Security researchers at Symantec have discovered a new proof of concept virus that targets AMD processors rather than operating systems.

The worm comes in two versions, targeting 32-bit and 64-bit processors from AMD. Symantec refers to the online pests as w32.bounds and w64.bounds. Because it involves proof of concept code, both viruses are rated as low level threats.

Although at this point it concerns harmless proof of concept code, the virus could be used as a starting point for creating malware that affects computers regardless of the operating system that they run, cautioned Vincent Weafer, senior director of Symantec's Security Response Group.

"If I can get to the processor level, potentially I can really start tying myself into the core hardware. I can potentially evade some of the kernel protection and user protection. There is an attraction to virus writers to get to the lowest level possible," Weafer told vnunet.com.

"Once it runs, I've got pretty low level access to that system and I could do pretty well anything that I would want to do."

But there is a big downside because different processors speak what essentially could be seen as different Operating Code (opcode) languages.

"Typically, going down to the opcode level is not effective, because there are too many variants out there and you end up working on not too many machines," said Weafer.





http://www.computing.co.uk/vnunet/news/2163054/virus-attacks-amd-processors
 
Isn't this the reason why AMD started developing the virus protection on the CPU itself? Thought this was included on the A64 (certainly s939 variant, possibly the s754 also) from the beginning?

Or am I thinking of something else?
 
The NX bit (aka. "on-chip virus protection") just protects from certain types of buffer overflows - a type of software flaw often exploited by Internet-borne worms but rarely by viruses.

The fact that this "AMD CPU virus" still replicates by infecting Windows EXE files is enough proof that its abilities are being exaggerated by the press.

As far as the Symantec technical report goes, its key advanced feature is this:

Uses a new type of entrypoint obscuring by hooking an entry in the Import Table that is referenced by the Bound Import Table.

That sounds more like kernel rootkit behaviour than anything to do with "infecting" the CPU.
 
NathanE said:
The NX bit (aka. "on-chip virus protection") just protects from certain types of buffer overflows - a type of software flaw often exploited by Internet-borne worms but rarely by viruses.

The fact that this "AMD CPU virus" still replicates by infecting Windows EXE files is enough proof that its abilities are being exaggerated by the press.

As far as the Symantec technical report goes, its key advanced feature is this:



That sounds more like kernel rootkit behaviour than anything to do with "infecting" the CPU.


That's interesting to know, thank you.
 
It's not AMD only. It's AMD64 (AMD) and EM64T (Intel), i.e. 64-bit XP. The w64.bounds link in the first post even tells you this.
 
To be honest it's not really going to be "affecting" anyone. It's just the technology media getting a bit excited.
 
The virus just gets operations to run at chip level rather than OS level, so it bypasses lots of security layers. The chip does not get affected by the virus, it does nothing to the chip, it just means you can write a low level virus, but as the report says, this will not be effective because if you write a program in machine code, the likelihood of it running on any machine other than the one that created it is extremely low, in fact virtually non-existent. Please can someone change the title of this as it is very misleading and will cause unnecessary panic.
 