[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] MyDoom bios infection

To: full-disclosure@netsys.com
Subject: [Full-Disclosure] MyDoom bios infection
From: "Ferris, Robin" <R.Ferris@napier.ac.uk>
Date: Thu, 29 Jan 2004 09:14:23 -0000

Hi guys

I have now read two postings that claim that MyDoom infects the Bios on
machines it is executed on. 

>It was also unknown that the virus infects the BIOS of the computer it
>infects by injecting a 624bytes backdoor written in FORTH which will open
>port tcp when Mydoom will be executed AFTER febuary 12.

Does AV software scan the bios of a machine?

If not then what I am interested in is; is this backdoor only activated if
the virus is still present on the machine, or is it that the  machine has
been cleaned of virus but it is still present in BIOS ans will still
activate backdoor?

You will see some lack of knowledge here!

TIA

RF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MyDoom bios infection
  - From: Frank Knobbe <frank@knobbe.us>

Prev by Date: Re: [Full-Disclosure] Mydoom: perfect storm averted or just ahead?
Next by Date: RE: [Full-Disclosure] New Variant of mydoom in the wild
Previous by thread: alleged bios infection - was Re: [Full-Disclosure] OpenBSD 'pf' port (was FreeBSD heap to Linux)
Next by thread: Re: [Full-Disclosure] MyDoom bios infection
Index(es):
- Date
- Thread