funsec mailing list archives
Re: Latest Dell bug--a hardware trojan
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 22 Jul 2010 12:41:24 +1200
Rob Slade wrote:
http://bit.ly/9nZxbn+
Before everyone gets their knickers in a twist...

    http://en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx

Read in particular the second post by "DELL-Matt M". Of particular note is this gem:

    3. The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
    ...
    7. Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics.

The malware name in point 3 links to:

    http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99

So NOT a "hardware Trojan" (ala New Scientist) but a common or garden variety Win32 bot stored in flash ROM/RAM on the motherboard (presumably to facilitate system diagnosis and/or recovery).

Now the hardcore speculation...

Assuming that it is not a false positive -- reasonable if Dell has a good reason for this:

    4. All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer's operating system.

this the odds are that someone updated the contents to put in the aforementioned "flash storage" _only for the replacement parts stock_ of the mentioned motherboards, on a machine infected by said common bot and did so either on a flash drive, or using such a device to transfer the collection of files from the PC being used to wherever and the bot copied itself to said device, _or_ said device was plugged into such an infected machine somewhere down the line but before the files on such device were finally copied to the replacement stock motherboards.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- Latest Dell bug--a hardware trojan Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 21)
- Re: Latest Dell bug--a hardware trojan David M Chess (Jul 21)
- Re: Latest Dell bug--a hardware trojan Nick FitzGerald (Jul 21)