Full Disclosure mailing list archives

alleged bios infection - was Re: OpenBSD 'pf' port (was FreeBSD heap to Linux)


From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 29 Jan 2004 14:32:02 +1000

Juari,

You were right, that was a time waster, but you're fishing with that
comment.

If you have the time to talk shop, then I'd like to ask about your virus
findings.  You appear to have gone to a lot of trouble to debug
this virus but you've left out some fairly critical information;

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624 bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER February 12.

1.  Which TCP port does it listen on?
2.  Which BIOS (or motherboard) is this likely to occur on? (hard one -
      what instructions does it use to enable write to the chip - the 
      LinuxBIOS project should then help me find the boards that this
      will affect).

Whether my anti-virus company wants me to wear this or not, I'd
like to minimise the impact of any vulnerability that you may be able
to identify in this regard.


Thanks for your time,






----- Original Message -----
From: "Juari Bosnikovich" <juarib () m-net arbornet org>
To: "Ian Latter" <itsecurity () mq edu au>
Subject:  Re: [Full-disclosure] OpenBSD 'pf' port (was FreeBSD heap to Linux)
Date: Wed, 28 Jan 2004 21:36:23 -0500



On Thu, 29 Jan 2004, Ian Latter wrote:


Human-readable syntax.

Lucid syntax is an indispensable security measure.  Errors should be GLARING
and obvious!

Ok - Fair enuff.

  Though there's nothing quite as obvious as a new home page painted
by your fav' 1337 cr3w to show holes in firewall rules ;o]

you have a lot of free time to say useless things
my monkey once told me "why oh why do you keep doing it".
the thing with monkeys is you only have to give them a banana to make them
shut up.

--
Ian Latter
IT Security Officer
Macquarie University



--
Ian Latter
Internet and Networking Security Officer
Macquarie University

 Meet me at the Australian Unix and open systems
   User Group (AUUG) Security Symposium; 2004
  http://www.auug.org.au/events/2004/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

