Author Topic: Going beyond Kernel rootkits...  (Read 8405 times)

0 Members and 1 Guest are viewing this topic.

Offline zorm

  • Hero Member
  • *****
  • Posts: 591
    • View Profile
    • Zorm's Page
Re: Going beyond Kernel rootkits...
« Reply #15 on: January 29, 2006, 11:11:18 pm »
It would be difficult,  no question there.  They aren't calling it a "frontier" because it's a simple problem, because it's not. 

And actually, with (normal) e2, you can write 0's, you just can't write 1's.  So maybe, just maybe, it would be possible to encode a virus in the pre-existing data.  Who knows?  But IF it was possible, it would be difficult but very rewarding. 

The BIOS has been around forever, I suspect that if it was actually possible to do something evil with it, it would have been done by now. Consider bootsector viruses for example.

Also, how rewarding would something like this actually be? I'd imagine detecting OS, finding network drivers/apis to take advantage of them would be extremely difficult and not worth the effort.
« Last Edit: January 30, 2006, 12:36:34 am by zorm »
"Frustra fit per plura quod potest fieri per pauciora"
- William of Ockham

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Going beyond Kernel rootkits...
« Reply #16 on: January 30, 2006, 12:13:49 am »
It would be difficult,  no question there.  They aren't calling it a "frontier" because it's a simple problem, because it's not. 

And actually, with (normal) e2, you can write 0's, you just can't write 1's.  So maybe, just maybe, it would be possible to encode a virus in the pre-existing data.  Who knows?  But IF it was possible, it would be difficult but very rewarding. 

The BIOS has been around forever, I suspect that if it was actually possible to do something evil with it, it would have been done by now. Consider bootsector viruses for example.

Also, how rewarding would something like this actually be? I'd image detecting OS, finding network drivers/apis to take advantage of them would be extremely difficult and not worth the effort.

True; I suppose it depends on what you actually want to do.