Horizon threats, Here already! Direct Memory Access Malware – GPU others

HORIZON THREATS? Here already! DMA and RDMA Threats
Malware could be hiding in your GPU
(Let us become familiar by browsing the DMA Direct Memory Access links below)
Direct memory access
From Wikipedia, the free encyclopedia
What is DMA? – A Word Definition From the Webopedia
What is Direct Memory Access (DMA)? – Definition from Techopedia
Remote direct memory access (RDMA)
From Wikipedia, the free encyclopedia
Introduction to direct memory access
Implementing direct memory access is straightforward, once you know how it works and how to configure your DMA controller. Here’s a primer on this most efficient means of moving data around in a system.
“Malware writers have worked out ways of hiding trojan horses in places where viruses checkers can’t look, according to one security researcher.
Patrick Stewin has demonstrated a a detector which can be built to find sophisticated malware that runs on dedicated devices and attacks direct memory access (DMA).
This will mean that it will finally tell us how effective crackers have been at getting malware into graphics and network cards.
The code has managed to find attacks launched by the malware, dubbed DAGGER, which targeted host runtime memory using DMA provided to hardware devices.
DAGGER attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation. It has now been developed to a point where the host cannot detect its presence, Stewin said.”….
memory address randomisation / Address space layout randomization
http://en.wikipedia.org/wiki/Address_space_layout_randomization
“Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.”
NOW READ THIS…
Direct Memory Access | Security Architect
Sep 5, 2013 – … when someone mentioned “HBGary Direct Memory Access tools. … as well as use tools to protect against malware delivered remotely. ….
“You ask, “Can they really do that?” and you may be thinking “Only in the movies”  but all along I would have told you “Yeah, they probably can.” The other day I got confirmation when someone mentioned “HBGary Direct Memory Access tools.” That was enough of a lead to spawn a Google search and soon I confirmed such tools aren’t just in the movies.
Of course, if you’ve got great contacts in law enforcement and defense/intel you probably knew that already. But for the rest of us, you don’t have to watch the detectives anymore, there’s a considerably better source for such secret knowledge. I pulled up an old Ars Technica titled “Black ops: how HBGary wrote backdoors for the government.” This was written in the wake of the Anonymous attack on Federal contractor HBGary which led to a Wikileaks-style puke out of the company’s email data banks. Per the article:
“In 2009, HBGary…partnered with…General Dynamics to work on a project euphemistically known as ‘Task B.’ The team had a simple mission: slip a piece of stealth software onto a target laptop…they focused on the ‘direct access’ ports [PCMCIA, ExpressCard and Firewire] that provide ‘uninhibited electronic direct memory access’…[allowing] a custom piece of hardware delivered by a field operative to interact directly with the laptop [and] write directly to the computer’s memory…The [USB and wifi ports] needed “trust relationships” or relied on ‘buffer overflows…”
From the email records it seems HBGary wrote multiple exploits including so-called “rootkits,” a type of malware that installs deep in the OS to become undetectable to anti-virus scanners using standard I/O interfaces. The DMA rootkit was the malware of choice on “Task B” because it was thought to have the lowest risk of detection. And it could be used in physical access scenarios such as a spy accessing a laptop left on a desk or in the hotel room. ….”
PRESS:
Hacker Defeats Hardware-based Rootkit Detection – Slashdot
Mar 4, 2007 … And that’s what hardware-based rootkit detection is about. Use hardware with DMA (which you trust) to access memory instead of letting the …
Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs
http://news.softpedia.com/news/Researchers-Find-Way-to-Detect-Direct-Memory-Access-Malware-386671.shtml
RELATED:
How to Enable Direct Memory Access (DMA) – Microsoft Support
This article describes how to enable Direct Memory Access (DMA) on your Windows 98-based, Windows 95-based or Windows Millennium Edition-based…
Advertisements
%d bloggers like this: