POV-Ray : Newsgroups : povray.off-topic : Malware is getting nastier and more professional than ever Server Time
14 Nov 2024 14:00:08 EST (-0500)
  Malware is getting nastier and more professional than ever (Message 1 to 10 of 34)  
Goto Latest 10 Messages Next 10 Messages >>>
From: Warp
Subject: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 07:18:05
Message: <47d7c9fc@news.povray.org>
http://www.f-secure.com/weblog/archives/00001393.html

-- 
                                                          - Warp


Post a reply to this message

From: scott
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 07:56:32
Message: <47d7d300@news.povray.org>
> http://www.f-secure.com/weblog/archives/00001393.html

Don't most BIOSs have some "prevent write to MBR" function?  Would malware 
like this be able to get around that?


Post a reply to this message

From: Invisible
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 08:02:29
Message: <47d7d465$1@news.povray.org>
scott wrote:

> Don't most BIOSs have some "prevent write to MBR" function?

Ususally, yes. And usually, it's "off" by default. (When you unpack a 
brand new PC, what's the first thing you do? Install an OS.)

> Would malware like this be able to get around that?

Unlikely. But this measure isn't commonly enabled.

More interesting is that it can touch the MBR from Windoze in the first 
place...

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*


Post a reply to this message

From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:21:07
Message: <47d81f13$1@news.povray.org>
On Wed, 12 Mar 2008 13:02:28 +0000, Invisible wrote:

> Ususally, yes. And usually, it's "off" by default. (When you unpack a
> brand new PC, what's the first thing you do? Install an OS.)

That depends on what type of machine you bought.  If you go out and 
purchase a brand-name computer, the OS is already installed.

If you build your own, this is true, but most machines the OS is already 
pre-installed.

Jim


Post a reply to this message

From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:45:06
Message: <47d824b2$1@news.povray.org>
> That depends on what type of machine you bought.  If you go out and 
> purchase a brand-name computer, the OS is already installed.
> 
> If you build your own, this is true, but most machines the OS is already 
> pre-installed.

True. But I'd wager that MBR protection is probably turned off on most 
machines out there.

(Similarly, most have a BIOS write-protect feature so malware can't 
reflash the BIOS. And that's usually off. But then, any such malware 
would only work for one brand of motherboard anyway since there's no 
standard interface for that kind of thing...)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*


Post a reply to this message

From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:46:20
Message: <47d824fc@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> True. But I'd wager that MBR protection is probably turned off on most 
> machines out there.

  What actually happens if some software (for example an OS installer)
tries to modify the MBR and it has been bios-protected?

-- 
                                                          - Warp


Post a reply to this message

From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 13:59:05
Message: <47d827f9$1@news.povray.org>
Warp wrote:
> Orchid XP v7 <voi### [at] devnull> wrote:
>> True. But I'd wager that MBR protection is probably turned off on most 
>> machines out there.
> 
>   What actually happens if some software (for example an OS installer)
> tries to modify the MBR and it has been bios-protected?

Varies by BIOS.

I believe what it *actually* does is yell "hey, somebody changed this!" 
rather than actually _prevent_ the change from happening. But again, it 
depends on what the BIOS writer has programmed it to do. To be honest, 
I've never tried it myself...

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*


Post a reply to this message

From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:37:22
Message: <47d83f02@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> I believe what it *actually* does is yell "hey, somebody changed this!" 

  How does it do that? The bios cannot have sufficient info about the
graphics card in order to show a message on screen, especially if the
graphics card is currently in non-vga mode.

-- 
                                                          - Warp


Post a reply to this message

From: Orchid XP v7
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 15:38:28
Message: <47d83f44$1@news.povray.org>
>> I believe what it *actually* does is yell "hey, somebody changed this!" 
> 
>   How does it do that? The bios cannot have sufficient info about the
> graphics card in order to show a message on screen, especially if the
> graphics card is currently in non-vga mode.

No - it displays a message during the POST sequence. (And waits for a 
keypress.)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*


Post a reply to this message

From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 12 Mar 2008 16:05:06
Message: <47d84582@news.povray.org>
Orchid XP v7 <voi### [at] devnull> wrote:
> No - it displays a message during the POST sequence. (And waits for a 
> keypress.)

  What's that?

-- 
                                                          - Warp


Post a reply to this message

Goto Latest 10 Messages Next 10 Messages >>>

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.