LinuxDucks Forum Linux Operating System Club
 Post subject: Researchers Find Way to Detect Direct Memory Access Malware
PostPosted: Tue Oct 01, 2013 6:15 pm 
Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs
http://news.softpedia.com/news/Research ... 6671.shtml

Last year, security researchers Patrick Stewin and Iurii Bystrov developed a piece of malware, DAGGER, that’s executed on dedicated hardware such as network and graphics cards to launch stealthy attacks by leveraging direct memory access (DMA).
Now, the Technical University of Berlin researchers claim to have found a way to detect pieces of malware like DAGGER. Their research project is funded by the German government.
Initially, DAGGER was a keylogger that could be used to target both Linux and Windows machines. In the .....
FULL: http://news.softpedia.com/news/Research ... 6671.shtml

SEE OUR NEW BLOG POST ON THIS HERE....

Horizon threats, Here already! Direct Memory Access Malware – GPU others
By bluecollarpc - Last updated: Saturday, September 28, 2013 - Save & Share - Leave a Comment
http://bluecollarpc.us/2013/09/28/horiz ... pu-others/


HORIZON THREATS? Here already! DMA and RDMA Threats

Malware could be hiding in your GPU
http://news.techeye.net/security/malwar ... n-your-gpu

(Let us become familiar by browsing the DMA Direct Memory Access links below)

Direct memory access
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Direct_memory_access

What is DMA? – A Word Definition From the Webopedia
http://www.webopedia.com/TERM/D/DMA.html

What is Direct Memory Access (DMA)? – Definition from Techopedia
http://www.techopedia.com/definition/27 ... access-dma

Remote direct memory access (RDMA)
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Remote_dir ... ory_access

Introduction to direct memory access
http://www.embedded.com/electronics-blo ... ory-access
Implementing direct memory access is straightforward, once you know how it works and how to configure your DMA controller. Here’s a primer on this most efficient means of moving data around in a system.
“Malware writers have worked out ways of hiding trojan horses in places where virus checkers can’t look, according to one security researcher.
Patrick Stewin has demonstrated a detector which can be built to find sophisticated malware that runs on dedicated devices and attacks direct memory access (DMA).
This will mean that it will finally tell us how effective crackers have been at getting malware into graphics and network cards.
The code has managed to find attacks launched by the malware, dubbed DAGGER, which targeted host runtime memory using DMA provided to hardware devices.
DAGGER attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation. It has now been developed to a point where the host cannot detect its presence, Stewin said.”….
FULL: http://news.techeye.net/security/malwar ... n-your-gpu

memory address randomisation / Address space layout randomization
http://en.wikipedia.org/wiki/Address_sp ... domization
“Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.”


NOW READ THIS…
Direct Memory Access | Security Architect
http://security-architect.blogspot.com/ ... ccess.html
Sep 5, 2013 – … when someone mentioned “HBGary Direct Memory Access tools. … as well as use tools to protect against malware delivered remotely. ….
“You ask, “Can they really do that?” and you may be thinking “Only in the movies” but all along I would have told you “Yeah, they probably can.” The other day I got confirmation when someone mentioned “HBGary Direct Memory Access tools.” That was enough of a lead to spawn a Google search and soon I confirmed such tools aren’t just in the movies.
Of course, if you’ve got great contacts in law enforcement and defense/intel you probably knew that already. But for the rest of us, you don’t have to watch the detectives anymore, there’s a considerably better source for such secret knowledge. I pulled up an old Ars Technica titled “Black ops: how HBGary wrote backdoors for the government.” This was written in the wake of the Anonymous attack on Federal contractor HBGary which led to a Wikileaks-style puke out of the company’s email data banks. Per the article:
“In 2009, HBGary…partnered with…General Dynamics to work on a project euphemistically known as ‘Task B.’ The team had a simple mission: slip a piece of stealth software onto a target laptop…they focused on the ‘direct access’ ports [PCMCIA, ExpressCard and Firewire] that provide ‘uninhibited electronic direct memory access’…[allowing] a custom piece of hardware delivered by a field operative to interact directly with the laptop [and] write directly to the computer’s memory…The [USB and wifi ports] needed “trust relationships” or relied on ‘buffer overflows…”
From the email records it seems HBGary wrote multiple exploits including so-called “rootkits,” a type of malware that installs deep in the OS to become undetectable to anti-virus scanners using standard I/O interfaces. The DMA rootkit was the malware of choice on “Task B” because it was thought to have the lowest risk of detection. And it could be used in physical access scenarios such as a spy accessing a laptop left on a desk or in the hotel room. ….”


PRESS:
Hacker Defeats Hardware-based Rootkit Detection – Slashdot
Mar 4, 2007 … And that’s what hardware-based rootkit detection is about. Use hardware with DMA (which you trust) to access memory instead of letting the …
http://it.slashdot.org/story/07/03/04/1 ... -detection

Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs
http://news.softpedia.com/news/Research ... 6671.shtml


RELATED:
How to Enable Direct Memory Access (DMA) – Microsoft Support
http://support.microsoft.com/kb/258757
This article describes how to enable Direct Memory Access (DMA) on your Windows 98-based, Windows 95-based or Windows Millennium Edition-based…



--
SENDER: gerald309 --