[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MyDoom bios infection

To: "Ferris, Robin" <R.Ferris@napier.ac.uk>
Subject: Re: [Full-Disclosure] MyDoom bios infection
From: Frank Knobbe <frank@knobbe.us>
Date: Thu, 29 Jan 2004 11:30:39 -0600

On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:
> >It was also unknown that the virus infects the BIOS of the computer it
> >infects by injecting a 624bytes backdoor written in FORTH which will open
> >port tcp when Mydoom will be executed AFTER febuary 12.

Although code in BIOS could interact with your network card, it would
require the correct driver routines for your particular card. Does the
virus come with network card drivers for a variety of cards? No? Then
BIOS code won't open a TCP port.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: [Full-Disclosure] MyDoom bios infection
  - From: Ben Nelson <lists@venom600.org>
- Re: [Full-Disclosure] MyDoom bios infection
  - From: Juari Bosnikovich <juarib@m-net.arbornet.org>

References:
- [Full-Disclosure] MyDoom bios infection
  - From: "Ferris, Robin" <R.Ferris@napier.ac.uk>

Prev by Date: Re: [Full-Disclosure] MyDoom bios infection
Next by Date: [Full-Disclosure] Security Announcement: untrusted ELF library path in some cvsup binary RPMs
Previous by thread: [Full-Disclosure] MyDoom bios infection
Next by thread: Re: [Full-Disclosure] MyDoom bios infection
Index(es):
- Date
- Thread