Full Disclosure mailing list archives
Re: MyDoom bios infection
From: Ben Nelson <lists () venom600 org>
Date: Thu, 29 Jan 2004 11:09:38 -0700
Frank Knobbe wrote:
On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER febuary 12.Although code in BIOS could interact with your network card, it would require the correct driver routines for your particular card. Does the virus come with network card drivers for a variety of cards? No? Then BIOS code won't open a TCP port. Regards, Frank
It would need a TCP stack too, would it not? --Ben _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MyDoom bios infection Ferris, Robin (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Juari Bosnikovich (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- <Possible follow-ups>
- Re: MyDoom bios infection Ian Latter (Jan 29)
- RE: MyDoom bios infection Dan Bolton (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)