Full Disclosure mailing list archives
MyDoom bios infection
From: "Ferris, Robin" <R.Ferris () napier ac uk>
Date: Thu, 29 Jan 2004 09:14:23 -0000
Hi guys I have now read two postings that claim that MyDoom infects the Bios on machines it is executed on.
It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER febuary 12.
Does AV software scan the bios of a machine? If not then what I am interested in is; is this backdoor only activated if the virus is still present on the machine, or is it that the machine has been cleaned of virus but it is still present in BIOS ans will still activate backdoor? You will see some lack of knowledge here! TIA RF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MyDoom bios infection Ferris, Robin (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Juari Bosnikovich (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- <Possible follow-ups>
- Re: MyDoom bios infection Ian Latter (Jan 29)
- RE: MyDoom bios infection Dan Bolton (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)