Thursday, May 14, 2015

Developers create spy software that lodges on the video card – Globo.com

Anonymous programmers have created three spy programs that can lodge themselves in a video card's memory. The source code of the programs, called WIN_JELLY, Jellyfish and Demon, was published on GitHub, allowing other developers to study and understand the technique used. The latest is WIN_JELLY, published on Saturday (9). The programs were created as a “demonstration of a concept”, without malicious purpose.

Viruses already use video cards to “mine” virtual currencies such as Bitcoin, but in those cases the program itself is not stored on the video card. It only “calls” the video hardware's functions to put the card's processor to work on specific calculations related to cryptographic currencies.

The idea of the three software packages published on GitHub is to store all of the program code in the memory of the computer's video card, a space that is usually not analyzed by antivirus software. This makes the attack more difficult to detect.

To work, the code requires the computer to have a dedicated AMD or Nvidia video card. These cards have their own memory and are found in gaming computers, 3D workstations and other high-performance systems. Integrated cards, common in cheap computers and notebooks, share system memory with the processor, and the code does not work in that situation.

The technique is also different from that adopted by spyware housed in hardware. Most commonly, the malicious program is stored in the firmware, which is a program in the chip responsible for circuit logic. In February, the antivirus maker Kaspersky Lab found a “supervirus” that can be stored in the hard disk controller chip. Other laboratory tests have demonstrated similar attacks against motherboards and network cards.

The three programs that lodge on the video card, however, use resources made available by the video card itself to manipulate the card's memory. These functions are intended for programs that want to use the card's processor, which is faster for certain calculations. The code uses these functions to write the malicious program into the card's memory.

The memory is volatile, however, and should be erased when the computer is restarted. According to the WIN_JELLY documentation, there is nevertheless a chance that the code remains in memory, which allows most of the malicious code to be housed only on the graphics card.

Because the medium is irregular, the technique may not work in all cases, and shutting down the computer completely will cause the virus to be lost from memory and need to be reloaded, giving security tools a chance to detect a possible attack.

The developers say they are still in the “early stages” of research and have begun putting into practice theories described in scholarly articles on malicious code housed in video card memory. They did not say how they plan to improve the code.
