Malware running on graphics cards

Discussion in 'malware problems & news' started by BoerenkoolMetWorst, Sep 29, 2010.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Source: http://it.slashdot.org/submission/1343430/Malware-running-on-graphics-cards

    Paper: http://dcs.ics.forth.gr/Activities/papers/gpumalware.malware10.pdf
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    GPU Assisted Malware - The Register

    If GPU malware can run solely on the GPU with no association with processes on the CPU, what effect would that have on detection?

    Does GPU malware alter the graphics memory used for processing images that eventually get displayed by the OS?

    Is there any requirement for a GPU malware to utilize the OS APIs only?

    What disinfection routine, process, method would be required to escape from such a scenario?

    Are there any current Anti-Malware solutions capable of preventing, detecting or cleaning a GPU infection?
     
  3. katio

    katio Guest

    If you don't rely on signature based detections (alone) no worries at all.
    The really interesting part is "malware that runs solely on the GPU with no association with processes that run on the CPU." But they of course didn't show that so: nothing new here...
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What I don't like is the dismissive tone of those like katio and PrevxHelp saying that it is "nothing to worry about".
    If you were infected by such an impossible to get malware, they couldn't help you get clean anyway and would just continue their mantra "Nothing to worry about" OHM.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    To clarify - this is not malware hiding IN the graphics cards, but using GPU functions to decrypt their code. This "new" technique is being overblown - yes, it will introduce challenges for companies using more conventional emulation engines, but that is where the difficulties end. Any signature based product or behavior based product can still block these infections without a problem.

    The main "benefit" for using GPU functions is for obfuscation purposes but we've already been around the block many times with this when Intel added SSE2/SSE3/etc. and various other instructions.

    Hope that helps :)
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Even if such malware becomes reality, it's not going to jump from your browser straight to your GPU without being executed first in the CPU. All of the normal security measures that stop "normal" malware will be just as capable of stopping this, starting with a good old default-deny security policy.
     
  8. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I read that the unpacking was being done in the GPU.

    The article does state,

    as a potential.

    Next I came up with five questions for that potential, which nobody addresses.
    You guys know how big the box is so thinking outside of it should be easier.

    Do I have to call Orin Scrivello?

    Thanks CloneRanger for the links. If I was scared before from malware, I am absolutely terrified by the possibilities now.
     
  9. katio

    katio Guest

    1)
    That's a completely speculative question because so far we have seen no such thing.
    I don't think it's possible at all - in a strict sense - unless the graphic card/firmware has been infected before installing it into your computer. That would make detection with current software based solutions impossible.
    Every other attack vector first has to go through the CPU, as noone_particular posted above - even if that only means exploiting a flaw in the graphic driver (which of course runs on the CPU).

    2) It has to use the graphic card's APIs; if it's executed on the GPU it runs in its firmware, not the host's operating system.

    3) Yes, it has to alter the memory, and yes, altering graphics is a possible vector of attack. Therefore a DRM based solution would be the straightforward way to detect GPU only malware (including aforementioned hacked firmware).

    4) Graphic cards have persistent memory as well as the traditional RAM. The more likely attack therefore will not survive a reboot. If it's persistent you need to reflash the firmware.

    5) No, because there is no such malware out there (as far as we and the AV industry are aware) it could protect against.
     
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Thank you.
    I appreciate you taking the time to answer, katio.
    I won't ask you for anything for Christmas now. :p
     