Vulnerability Development mailing list archives
Re: Modern hw-killing virus feasible
From: Jason Brvenik <jbrvenik () BETRUSTED COM>
Date: Thu, 8 Mar 2001 13:28:17 -0500
Given the attention that a virus capable of doing this would get I don't see how this would be anything more than an inconvience. The BIOS got flashed from software which means the MB supports flashing the BIOS. All the AV vendors and news media would be all over it and people would be aware that you just call the manufacturer and have them send you a flash floppy. I've dealt with three differnt ways this is done. 1) Boot to a OS floppy. This will obviously fail if the bios has been fully thrashed and doesn't have the bootstrap code anymore. 2) Boot after setting a jumper. This is more cumbersome for the average joe. 3) power up while holding a sequence of keys. J -----Original Message----- From: Mike A. Harris [mailto:mharris () OPENSOURCEADVOCATE ORG] Sent: Wednesday, March 07, 2001 2:37 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Modern hw-killing virus feasible On Tue, 6 Mar 2001, Ma Gores wrote:
Quoting from someone, somewhere, else... "cih erased the software stored on the chip... it should be obvious from that that it is software damage, not hardware damage...But its damage is just as bad"Semantics, maybe.
A dead motherboard that has had it's BIOS wiped out by a virus, is a dead motherboard. The cost of repairing this problem is significant enough to most people that it would basically mean purchasing a new motherboard. In other words, the "problem" caused, has a pricetag associated with it. While no physical damage is done, and the BIOS could certainly be replaced, the cost factors basically equivilate that the hardware is destroyed for all practical purposes for 99% of the general case. Joe average does not have the knowhow, nor the EPROM burner in his desk drawer to fix the problem. Hell, the computer store probably couldn't help him much either. *I* know how to fix such problems, but if I had my BIOS flashed, for all intents and purposes, I would be buying a new board too most likely because I don't have ready steady access to a EPROM flasher, not to mention the time and effort involved in trying to track down a copy of a rom - and thus time == money, yada yada. When it comes to useless broken hardware, who really cares about the semantics used. That might win bonus points among peers by making the distinction, but it is meaningless in the real world. ---------------------------------------------------------------------- Mike A. Harris - Linux advocate - Free Software advocate This message is copyright 2001, all rights reserved. Views expressed are my own, not necessarily shared by my employer. ---------------------------------------------------------------------- And the lord spake, saying, "First shalt thou write thy holy code. Indenting shalt thou count to three, no more, no less. Three shalt be the spaces thou shalt count, and the number of the counting shalt be three. Four shalt thou not count, nor count thou two, excepting that thou then proceedeth to three. Eight is right out. Once the number three, being the third number be reached, shalt thou move towards indenting thy next line ..
Current thread:
- Re: SV: Modern hw-killing virus feasible, (continued)
- Re: SV: Modern hw-killing virus feasible Lynn Crumbling (Mar 09)
- Re: SV: Modern hw-killing virus feasible Bruno Lustosa (Mar 09)
- Re: Modern hw-killing virus feasible Ashworth, Robert C. [Contractor] (Mar 07)
- Re: Modern hw-killing virus feasible Michael Wojcik (Mar 07)
- Re: Modern hw-killing virus feasible Robert Sandilands (Mar 07)
- Re: Modern hw-killing virus feasible Peter Tonoli (Mar 08)
- Re: Modern hw-killing virus feasible Syzop (Mar 08)
- Re: Modern hw-killing virus feasible Ian Kayne (Mar 08)
- Re: Modern hw-killing virus feasible Matt Bell (Mar 08)
- FW: Modern hw-killing virus feasible Russell Munday (Mar 08)
- Re: Modern hw-killing virus feasible Jason Brvenik (Mar 08)
- Fw: Modern hw-killing virus feasible Cilice Cracker (Mar 09)
- Fw: Modern hw-killing virus feasible Cilice Cracker (Mar 09)