Full Disclosure mailing list archives

MyDoom bios infection


From: "Ferris, Robin" <R.Ferris () napier ac uk>
Date: Thu, 29 Jan 2004 09:14:23 -0000

Hi guys

I have now read two postings that claim that MyDoom infects the BIOS on
machines it is executed on.

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624 bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER February 12.

Does AV software scan the bios of a machine?

If not, then what I am interested in is: is this backdoor only activated if
the virus is still present on the machine, or is it that the machine has
been cleaned of virus but it is still present in BIOS and will still
activate backdoor?

You will see some lack of knowledge here!

TIA

RF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

