Software // Information Management
Commentary
3/25/2009
03:46 PM
Mike Fratto
Mike Fratto
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Malware Controlling Hardware Is Not A Necessity

The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, An

The last two weeks have brought us two different attack vectors affecting servers and PC's alike. First Invisible Things Lab's Joanna Rutkowska and Rafal Wojtczuk presented the details of an attack on Intel's System Management Module which lets the malware do whatever it wants and effectively hides from everything else. Meanwhile, Anibal Sacco and Alfredo Ortega presented an attack that subverts the BIOS at CanSecWest. Can it get any worse?Well, sure it can. Both of these attack vectors are highly specialized, but Rutkowska did confirm that it's possible to create malware that could discover the necessary parameters carry off an SMM attack rather than having to create specific malware for each motherboard and chipset combination. She's also quick to point out that there are other, easier, and more effective ways to get control of a host.

Conficker is one recent example. Exploiting a known vulnerability for which there is a patch, Conficker continues to spread and according to analysis by SRI continues to evolve and demonstrates the creators ability to adapt and enhance the malware. Conficker is sophisticated, to be sure, but it's no where near the cutting edge exploit that a BIOS update or SMM rootkit is. Yet, Conficker has much more potential.

Both attacks are highly specific and require substantial expertise to become effective. In SMM Rootkits: A New Breed of OS Independent Malware, a paper that Rutkowska references, the authors list number of limitations in making a generalizeable SMM rootkit not the least of which is not having OS driver support to utilize installed hardware.

The research is interesting and the attacks are viable, but given the simpler, easier, more wide spread methods of gaining control of a system, hacking the BIOS or SMM probably isn't big threat.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.