«

From: "Art" <>


|
| What you're not considering is a "insider" job ... someone working for
| a BIOS vendor creating and spreading infested "updates".
|
| Art
|
| http://home.epix.net/~artnpeg

Updates for what ?

Lets say it is a particular vendor like ASUS. It wouldn't be for all motherboards. At best
one. Even still, there s a wide variety of Flashable RAM chips that may be used. Which
chip ? Would even even pass a CRC checksum by the Flashing program ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Tue, 20 Sep 2005 14:53:31 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Art" <>
>
>
>|
>| What you're not considering is a "insider" job ... someone working for
>| a BIOS vendor creating and spreading infested "updates".
>|
>
>Updates for what ?
>
>Lets say it is a particular vendor like ASUS. It wouldn't be for all motherboards. At best
>one. Even still, there s a wide variety of Flashable RAM chips that may be used. Which
>chip ? Would even even pass a CRC checksum by the Flashing program ?

Haven't you ever downloaded a BIOS update and reflashed a BIOS? How
would/did you know it wasn't infested? Presumably a insider job would
pass the checksum test.

Art

http://home.epix.net/~artnpeg

From: "Art" <>


|
| Haven't you ever downloaded a BIOS update and reflashed a BIOS? How
| would/did you know it wasn't infested? Presumably a insider job would
| pass the checksum test.
|
| Art
|
| http://home.epix.net/~artnpeg

I get them directly from a trusted location.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Tue, 20 Sep 2005 20:19:46 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Art" <>
>
>
>|
>| Haven't you ever downloaded a BIOS update and reflashed a BIOS? How
>| would/did you know it wasn't infested? Presumably a insider job would
>| pass the checksum test.
>|

>I get them directly from a trusted location.

That's obviously the best bet but the point is that it's still a
gamble. You were insisting that it's impossible. I'm simply pointing
out that it's not impossible, however unlikely it might be.

Art

http://home.epix.net/~artnpeg

"Art" <> wrote in message
news:...
> On Tue, 20 Sep 2005 20:19:46 GMT, "David H. Lipman"
> <DLipman~nospam~@Verizon.Net> wrote:
>
>>From: "Art" <>
>>
>>
>>|
>>| Haven't you ever downloaded a BIOS update and reflashed a BIOS? How
>>| would/did you know it wasn't infested? Presumably a insider job would
>>| pass the checksum test.
>>|
>
>>I get them directly from a trusted location.
>
> That's obviously the best bet but the point is that it's still a
> gamble. You were insisting that it's impossible. I'm simply pointing
> out that it's not impossible, however unlikely it might be.
>
imho, the more tech's say something is imposable the more likely someone
will take up the challenge to prove them wrong. Some of the same tech's and
those in the know said it was imposable to get any type of infection or
malware by *only* reading an email. Of course they had to eat their words
after Melissa; but some tried to even wiggle out of that by saying they
meant to qualify what they had said in as much that they were trying to say
that simply reading a message in plane text format that it was imposable;
but to me that is as much a worm wiggle of what I get accused of; but I was
and am far more innocent of the worm wiggling charge then they, lol
I would have to guess that as a part of the development of such a bios
infecting virus or malware an intermediate step may be to store parts of the
virus/malware in the unused portions of the chip housing the bios program.
Maybe hiding the portions of the virus which AV products detect there by
avoiding detection. AFAIK no known AV product checks bios for virus or
malware and if a virus/malware is created which is detected by AV products
the creator of the offending software instead of completely rewriting the
virus/malware to avoid detection could simply have the virus/malware hide
the portions the AV software is keying on in the bios.
--
From the Desk of Sugien
/}
@###{ ]:::::ino-Soft Software::::::>
\}

From: "Art" <>


|
| That's obviously the best bet but the point is that it's still a
| gamble. You were insisting that it's impossible. I'm simply pointing
| out that it's not impossible, however unlikely it might be.
|
| Art
|
| http://home.epix.net/~artnpeg

Examine the concept of an infected BIOS. The BIOS (Basic Input-Output System) is the
middleware between a given motherboards chip-set and an Operating System. The OS looks for
specific routines to access such things as the hard disk, floppy, real-time clock, USB, etc.
The question is if the BIOS could be infected what could "it" do. That is being a
middleware and not a high level or even a low level language but a series of routines to
interface hardware through system calls.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Tue, 20 Sep 2005 20:57:01 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Art" <>
>
>
>|
>| That's obviously the best bet but the point is that it's still a
>| gamble. You were insisting that it's impossible. I'm simply pointing
>| out that it's not impossible, however unlikely it might be.
>|
>| Art
>|
>| http://home.epix.net/~artnpeg
>
>Examine the concept of an infected BIOS. The BIOS (Basic Input-Output System) is the
>middleware between a given motherboards chip-set and an Operating System. The OS looks for
>specific routines to access such things as the hard disk, floppy, real-time clock, USB, etc.
>The question is if the BIOS could be infected what could "it" do. That is being a
>middleware and not a high level or even a low level language but a series of routines to
>interface hardware through system calls.

That's a no-brainer. It could do many kinds of different damage to a
hard drive, including making it unuseable without a reformat. Even
something as simple as refusing to boot and just hanging in a infinite
loop is a example.

Art

http://home.epix.net/~artnpeg

From: "Art" <>


|
| That's a no-brainer. It could do many kinds of different damage to a
| hard drive, including making it unuseable without a reformat. Even
| something as simple as refusing to boot and just hanging in a infinite
| loop is a example.
|
| Art
|
| http://home.epix.net/~artnpeg

I can't see a vendor releasing a BIOS that did not pass a quality control check.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

On Tue, 20 Sep 2005 21:57:58 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Art" <>
>
>
>|
>| That's a no-brainer. It could do many kinds of different damage to a
>| hard drive, including making it unuseable without a reformat. Even
>| something as simple as refusing to boot and just hanging in a infinite
>| loop is a example.
>|
>I can't see a vendor releasing a BIOS that did not pass a quality control check.

The bad guy might work in the QC dept. Trust noone!

Art

http://home.epix.net/~artnpeg

David H. Lipman wrote:

> | That's a no-brainer. It could do many kinds of different damage to a
> | hard drive, including making it unuseable without a reformat. Even
> | something as simple as refusing to boot and just hanging in a infinite
> | loop is a example.
> |
> | Art
> |
> | http://home.epix.net/~artnpeg
>
> I can't see a vendor releasing a BIOS that did not pass a quality control
> check.
>
I can't see a major hard drive manufacturer releasing thousands of hard
drives with a boot sector infector preinstalled.

But it happened.

--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Marx