Author Topic: New virus attacks AMD processors  (Read 3059 times)

0 Members and 1 Guest are viewing this topic.

Offline taktmobiles

  • Newbie
  • *
  • Posts: 2
    • View Profile
New virus attacks AMD processors
« on: August 28, 2006, 09:07:34 AM »
New virus attacks AMD processors

Proof of concept code shows advanced attack vector



Security researchers at Symantec have discovered a new proof of concept virus that targets processors AMD rather than operating systems.

The worm comes in two versions, targeting 32-bit and 64-bit processors from AMD. Symantec refers to the online pests as w32.bounds and w64.bounds. Because it involves proof of concept code, both viruses are rated as low level threats.

Although at this point it concerns harmless proof of concept code, the virus could be used as a starting point for creating malware that affects computers regardless of the operating system that they run, cautioned Vincent Weafer, senior director of Symantec's Security Response Group.

"If I can get to the processor level, potentially I can really start tying myself into the core hardware. I can potentially evade some of the kernel protection and user protection. There is an attraction to virus writers to get to the lowest level possible," Weafer told vnunet.com.

"Once it runs, I've got pretty low level access to that system and I could do pretty well anything that I would want to do."

But there is a big down side because different processors speak what essentially could be seen as different Operating Code (opcode) languages.

"Typically, going down to the opcode level in not effective, because there are too many variants out there and you end up working on not too many machines, " said Weafer.

Offline Totro

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 517
  • Cogito ergo sum ...
    • View Profile
Re: New virus attacks AMD processors
« Reply #1 on: August 29, 2006, 06:27:39 AM »
taktmobiles   :)

Welcome to the Forums  :thumbsup:


News moves fast ....

You may be right:- http://www.theinquirer.net/default.aspx?article=33988

Or you may be wrong:- http://www.theinquirer.net/default.aspx?article=33999

Source for both news items is "The Inquirer"

You pays your money and takes your pick - LOL - I think the second link is probably more correct ...?

Either way, it was a good post - just the sort of news updates everyone is always looking for ...

Who knows? These days the news is "dead" -  sometimes within minutes ...


Cheers Totro  :)
Panic slowly...

Brought to you from the land down-under...

ASAP (Member) Alliance of Security Analysis Professionals