Nokiamies Posted September 10, 2021

https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/

In short, someone was selling on hacker forums an exploit for Windows that allowed storing hidden malware in GPU VRAM, and a few weeks later that person stated the exploit had been sold. On August 29, 2021, Vx underground released a tweet stating that the malicious code enables binary execution by the GPU in its memory space and that they would demonstrate it soon. That way antiviruses would not be able to detect it while executing. The exploit works on any OpenCL 2.0 compatible GPU.

But I do have some questions about that. RAM data is lost on power loss, so where does the file live outside it? It must have a payload somewhere on the hard drive or write itself to UEFI or other chip. Writing to the hard drive means the virus can be detected on the drive using advanced methods such as rootkit scanners, and even if it erases itself from the HDD at boot and writes itself back on shutdown, I can permanently get rid of it by unplugging the computer while it is on, causing it to disappear from VRAM. Also, depending on the size of the malware, VRAM may not be enough for it (Nvidia Riva TNT to the rescue), or it may cause a reduced amount of free VRAM, or the malware may crash if I run a VRAM-intensive application. If it writes itself to flash it may not work properly or it can brick the system.

I would not lose sleep over that. It is a concern, but normal security practices should keep you safe from it. I mostly assume that it could be used to exploit servers with GPUs that are running 24/7.

Sampei.Nihira Posted September 10, 2021

They are usually rootkits. Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access. Malware usually exploits a vulnerability in the OS and/or some installed application. That is why it is important to use a specific Anti-Exploit software. If the malware that "carries" a possible rootkit is blocked, the rootkit is indirectly stopped as well.

On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult to solve than a "common" malware. And often the OS is too badly damaged to need to be re-installed.

Edited September 10, 2021 by Sampei.Nihira

Nokiamies Posted September 10, 2021

40 minutes ago, Sampei.Nihira said:
They are usually rootkits. Although rootkits can be very scary, you should keep in mind that to "install" a rootkit you need to use malware able to use remote access. Malware usually exploits a vulnerability in the OS and/or some installed application. That is why it is important to use a specific Anti-Exploit software.

I also use advanced detection like network-level packet scanning with OS-side blocking. In case the exploit shield is bypassed and I get infected, still, if it wants to spy or get remote access it must do it through my network, leaving a trace in the logs.

40 minutes ago, Sampei.Nihira said:
On the other hand, if the OS is infected and a rootkit is discovered, its removal may be more difficult to solve than a "common" malware. And often the OS is too badly damaged to need to be re-installed.

I wipe the disk, then use a clean snapshot from HDD or a fresh install if get. I also reset any network passwords, since the hacker may have stored them to regain access. I know some examples of that, where the hacker came back later using stolen passwords for the network or VPN. Some rootkits may hide in the MBR or file table, so restoring or making a new partition may not help.

Edited September 10, 2021 by Mr.Scienceman2000

Sampei.Nihira Posted September 10, 2021

Why not also use Anti-Exploit software? The one in WD is very good. Usually with non-Microsoft software it is possible to use 12 rules on x64 OS's, which can become 14 on Microsoft software. Also using IL AppContainer apps helps a lot.

Nokiamies Posted September 10, 2021

9 minutes ago, Sampei.Nihira said:
Why not also use Anti-Exploit software. The one in WD is very good. Usually with non-Microsoft software it is possible to use 12 rules on x64 OS's, which can become 14 on Microsoft software. Also using IL appcontainer apps helps a lot.

I meant that I use anti-exploit software and then other methods combined with it in case one fails. Never put all your eggs in one basket. Most modern non-phishing attacks are exploits or other methods. Multilayer security, starting at the network firewall level up to OS exploit shielding, and using script blockers in the browser.

My security would be considered paranoia by many, but better safe than sorry. And I am still not 360 degrees secured. Someone who is motivated to attack could do it, but normal scripts or mass-spread exploits won't. Even if I had a fully libre ThinkPad with Qubes OS, someone would be able to break in if they had all the motivation and dedication.

Edited September 10, 2021 by Mr.Scienceman2000

XPerceniol Posted October 26, 2021

It's news like this that makes me want to return to only my solar calculator and abacus. In fact, I don't even trust my digital alarm clock, I think I'll dig out my cuckoo clock of the moldy basement. Actually, everything I own is cuckoo ... oh don't be so shocked

https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

"The impact of Gummy Browsers can be devastating and lasting on the online security and privacy of the users, especially given that browser-fingerprinting is starting to get widely adopted in the real world," the researchers concluded. "In light of this attack, our work raises the question of whether browser fingerprinting is safe to deploy on a large scale."

Edited October 26, 2021 by XPerceniol

XPerceniol Posted October 26, 2021

13 minutes ago, XPerceniol said:
It's news like this that makes me want to return to only my solar calculator and abacus. In fact, I don't even trust my digital alarm clock, I think I'll dig out my cuckoo clock of the moldy basement. Actually, everything I own is cuckoo ... oh don't be so shocked
https://thehackernews.com/2021/10/new-attack-let-attacker-collect-and.html

I've been researching and don't see any answers on how to prevent this from happening, and it sounds awful to be honest. I doubt malware scanners would even detect it. It seems just visiting a malicious site could leave one vulnerable. Has anybody else heard of this?

D.Draker Posted February 19, 2022

This whole thing is over-rated. One would need to start a flashing utility and remove write protections first. Besides, not lots of free space for "malware" in that chip.

http://www.datasheetcafe.com/gd25q20-datasheet-pdf/