[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MyDoom bios infection

To: Frank Knobbe <frank@knobbe.us>
Subject: Re: [Full-Disclosure] MyDoom bios infection
From: Ben Nelson <lists@venom600.org>
Date: Thu, 29 Jan 2004 11:09:38 -0700

Frank Knobbe wrote:

On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:

It was also unknown that the virus infects the BIOS of the computer it
infects by injecting a 624bytes backdoor written in FORTH which will open
port tcp when Mydoom will be executed AFTER febuary 12.

Although code in BIOS could interact with your network card, it would
require the correct driver routines for your particular card. Does the
virus come with network card drivers for a variety of cards? No? Then
BIOS code won't open a TCP port.

Regards,
Frank

It would need a TCP stack too, would it not?

--Ben

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MyDoom bios infection
  - From: Frank Knobbe <frank@knobbe.us>

References:
- [Full-Disclosure] MyDoom bios infection
  - From: "Ferris, Robin" <R.Ferris@napier.ac.uk>
- Re: [Full-Disclosure] MyDoom bios infection
  - From: Frank Knobbe <frank@knobbe.us>

Prev by Date: RE: [Full-Disclosure] Culprit Bio: Perfect Storm Averted or Just Ahead?
Next by Date: Re: [Full-Disclosure] MyDoom bios infection
Previous by thread: Re: [Full-Disclosure] MyDoom bios infection
Next by thread: Re: [Full-Disclosure] MyDoom bios infection
Index(es):
- Date
- Thread