lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <36402DCC1069D411922D00508B5B2CC21E3F2CD2@ex-server1.napier.ac.uk>
From: R.Ferris at napier.ac.uk (Ferris, Robin)
Subject: MyDoom bios infection

Hi guys

I have now read two postings that claim that MyDoom infects the Bios on
machines it is executed on. 

>It was also unknown that the virus infects the BIOS of the computer it
>infects by injecting a 624bytes backdoor written in FORTH which will open
>port tcp when Mydoom will be executed AFTER febuary 12.

Does AV software scan the bios of a machine?

If not then what I am interested in is; is this backdoor only activated if
the virus is still present on the machine, or is it that the  machine has
been cleaned of virus but it is still present in BIOS ans will still
activate backdoor?

You will see some lack of knowledge here!

TIA

RF

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ