LinuxDucks Forum Linux Operating System Club
 Post subject: Researchers Find Way to Detect Direct Memory Access Malware
PostPosted: Tue Oct 01, 2013 6:15 pm 
Site Admin

Joined: Sat Apr 30, 2011 4:33 am
Posts: 1530
Location: USA
Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs ... 6671.shtml

Last year, security researchers Patrick Stewin and Iurii Bystrov developed a piece of malware, DAGGER, that’s executed on dedicated hardware such as network and graphics cards to launch stealthy attacks by leveraging direct memory access (DMA).
Now, the Technical University of Berlin researchers claim to have found a way to detect pieces of malware like DAGGER. Their research project is funded by the German government.
Initially, DAGGER was a keylogger that could be used to target both Linux and Windows machines. In the .....
FULL: ... 6671.shtml


Horizon threats, Here already! Direct Memory Access Malware – GPU others
By bluecollarpc - Last updated: Saturday, September 28, 2013 ... pu-others/

HORIZON THREATS? Here already! DMA and RDMA Threats

Malware could be hiding in your GPU ... n-your-gpu

(Let us become familiar by browsing the DMA Direct Memory Access links below)

Direct memory access
From Wikipedia, the free encyclopedia

What is DMA? – A Word Definition From the Webopedia

What is Direct Memory Access (DMA)? – Definition from Techopedia ... access-dma

Remote direct memory access (RDMA)
From Wikipedia, the free encyclopedia ... ory_access

Introduction to direct memory access ... ory-access
Implementing direct memory access is straightforward, once you know how it works and how to configure your DMA controller. Here’s a primer on this most efficient means of moving data around in a system.
“Malware writers have worked out ways of hiding trojan horses in places where virus checkers can’t look, according to one security researcher.
Patrick Stewin has demonstrated a detector which can be built to find sophisticated malware that runs on dedicated devices and attacks direct memory access (DMA).
This will mean that it will finally tell us how effective crackers have been at getting malware into graphics and network cards.
The code has managed to find attacks launched by the malware, dubbed DAGGER, which targeted host runtime memory using DMA provided to hardware devices.
DAGGER attacked 32bit and 64bit Windows and Linux systems and could bypass memory address randomisation. It has now been developed to a point where the host cannot detect its presence, Stewin said.”….
FULL: ... n-your-gpu

memory address randomisation / Address space layout randomization ... domization
“Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures related memory-addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.”

Direct Memory Access | Security Architect ... ccess.html
Sep 5, 2013 – … when someone mentioned “HBGary Direct Memory Access tools. … as well as use tools to protect against malware delivered remotely. ….
“You ask, “Can they really do that?” and you may be thinking “Only in the movies” but all along I would have told you “Yeah, they probably can.” The other day I got confirmation when someone mentioned “HBGary Direct Memory Access tools.” That was enough of a lead to spawn a Google search and soon I confirmed such tools aren’t just in the movies.
Of course, if you’ve got great contacts in law enforcement and defense/intel you probably knew that already. But for the rest of us, you don’t have to watch the detectives anymore, there’s a considerably better source for such secret knowledge. I pulled up an old Ars Technica titled “Black ops: how HBGary wrote backdoors for the government.” This was written in the wake of the Anonymous attack on Federal contractor HBGary which led to a Wikileaks-style puke out of the company’s email data banks. Per the article:
“In 2009, HBGary…partnered with…General Dynamics to work on a project euphemistically known as ‘Task B.’ The team had a simple mission: slip a piece of stealth software onto a target laptop…they focused on the ‘direct access’ ports [PCMCIA, ExpressCard and Firewire] that provide ‘uninhibited electronic direct memory access’…[allowing] a custom piece of hardware delivered by a field operative to interact directly with the laptop [and] write directly to the computer’s memory…The [USB and wifi ports] needed “trust relationships” or relied on ‘buffer overflows…”
From the email records it seems HBGary wrote multiple exploits including so-called “rootkits,” a type of malware that installs deep in the OS to become undetectable to anti-virus scanners using standard I/O interfaces. The DMA rootkit was the malware of choice on “Task B” because it was thought to have the lowest risk of detection. And it could be used in physical access scenarios such as a spy accessing a laptop left on a desk or in the hotel room. ….”

Hacker Defeats Hardware-based Rootkit Detection – Slashdot
Mar 4, 2007 … And that’s what hardware-based rootkit detection is about. Use hardware with DMA (which you trust) to access memory instead of letting the … ... -detection

Researchers Find Way to Detect Direct Memory Access Malware
September 27th, 2013, 08:11 GMT · By Eduard Kovacs ... 6671.shtml

How to Enable Direct Memory Access (DMA) – Microsoft Support
This article describes how to enable Direct Memory Access (DMA) on your Windows 98-based, Windows 95-based or Windows Millennium Edition-based…


SENDER: gerald309 --
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HELP ... CSecurity/
Membership/Join List:
Free Malware Removal Help / A Community Website Since 2005

Malware Removal / Amateur Forensics
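Added here as a practitioner's follow-up to the post above, not code from the post or from any of the quoted articles: a small POSIX shell triage script for a Linux host that checks the two things the FireWire/ExpressCard DMA scenario in the HBGary excerpt turns on. It reports whether the kernel is running with an IOMMU (DMA remapping), the control that stops an external bus-master device from reading and writing arbitrary host RAM, and whether the FireWire drivers that hand a port raw DMA are loaded. The module names, kernel parameters and sysfs path are standard Linux names; the /proc/modules excerpt embedded for the self-check is constructed for the example and not taken from a real machine.

```shell
#!/bin/sh
# Added example: DMA-exposure triage for a Linux host. Not from the post or the
# quoted articles. Each check takes its input as an argument so it can also be
# run against constructed data; dma_triage runs them against the live system.

# 0 if the kernel command line explicitly asks for DMA remapping. Advisory only:
# many AMD platforms and some distro kernels enable the IOMMU without a flag,
# so the sysfs check below is the authoritative one.
cmdline_requests_iommu() {
    # $1: contents of /proc/cmdline
    case " $1 " in
        *" intel_iommu=on"*|*" amd_iommu=on"*|*" iommu=force"*) return 0 ;;
    esac
    return 1
}

# 0 if /sys/kernel/iommu_groups (or the directory given) holds at least one
# group; the kernel only creates groups when an IOMMU is active.
iommu_groups_active() {
    dir=${1:-/sys/kernel/iommu_groups}
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Prints the loaded modules that give an external port bus-master DMA:
# the current FireWire stack (firewire_ohci, firewire_sbp2) and the legacy
# ieee1394 stack (ohci1394, sbp2). Prints nothing when none is loaded.
dma_capable_modules() {
    # $1: contents of /proc/modules (module name is the first column)
    printf '%s\n' "$1" | awk '{ print $1 }' \
        | grep -E '^(firewire_ohci|firewire_sbp2|ohci1394|sbp2)$' || true
}

# Constructed /proc/modules excerpt used for a self-check; not from a real host.
SAMPLE_MODULES='firewire_sbp2 24576 0 - Live 0x0000000000000000
firewire_ohci 45056 0 - Live 0x0000000000000000
firewire_core 69632 2 firewire_sbp2,firewire_ohci, Live 0x0000000000000000
xhci_pci 16384 0 - Live 0x0000000000000000'

# Runs the checks against the live system and prints a short report.
# Exit status 0 = no finding, 1 = at least one finding.
dma_triage() {
    findings=0
    cmdline=$(cat /proc/cmdline 2>/dev/null)
    if iommu_groups_active; then
        echo "ok:      IOMMU active (/sys/kernel/iommu_groups populated)"
    elif cmdline_requests_iommu "$cmdline"; then
        echo "finding: IOMMU requested on the command line but no groups present (check dmesg for DMAR/AMD-Vi)"
        findings=1
    else
        echo "finding: no IOMMU active; an external bus-master device can read and write host RAM"
        findings=1
    fi
    mods=$(dma_capable_modules "$(cat /proc/modules 2>/dev/null)")
    if [ -n "$mods" ]; then
        echo "finding: FireWire DMA drivers loaded: $(printf '%s' "$mods" | tr '\n' ' ')"
        echo "         unload with: modprobe -r firewire_sbp2 firewire_ohci (and blacklist them)"
        findings=1
    else
        echo "ok:      no FireWire DMA drivers loaded"
    fi
    return $findings
}

# Report only when invoked as: sh dma_triage.sh --run
if [ "${1:-}" = "--run" ]; then
    dma_triage
fi
```

Two caveats when reading the report: a driver built into the kernel rather than loaded as a module never appears in /proc/modules, so the presence of /sys/bus/firewire is the complementary check; and an active IOMMU only helps against a plugged-in device to the extent the kernel actually places that device in a restricted DMA domain, so the sysfs result says "remapping is on", not "every port is safe".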
