Can dialer viruses turn on the computer?

  • Thread starter Thread starter Cautious Nerd
  • Start date Start date
C

Cautious Nerd

Our home phone service provider advised a friend to always disconnect
the phone line from the PC. The friend was apparently told that if one gets a
dialer virus/trojan, it can act even with the computer turned off. I
have a hard time seeing this. Is this just a case of
"miscommunafication"?

Thanks,

Cautious Nerd
 
From: "Cautious Nerd" <[email protected]>

| Our home phone service provider advised a friend to always disconnect
| the phone line from the PC. The friend was apparently told that if one gets a
| dialer virus/trojan, it can act even with the computer turned off. I
| have a hard time seeing this. Is this just a case of
| "miscommunafication"?
|
| Thanks,
|
| Cautious Nerd

A "magic Packet" can be sent to the Network Interface Card (not Dial-Up) and a computer can
be powered-up. This can be prevented by using a Cable/DSL Router on a Broadband Internet
connection.

If a PC is infected with a Trojan or Virus and it is powered off, the Trojan or virus is
rendered inert and can not do anything until the PC angain powered-up.
 
Date: Sat, 26 Mar 2005 09:39:55 -0500
From: "David H. Lipman" <[email protected]>
Newsgroups: alt.comp.virus, alt.comp.anti-virus,
microsoft.public.security.virus, comp.security.misc
Subject: Re: Can dialer viruses turn on the computer?

From: "Cautious Nerd" <[email protected]>

| Our home phone service provider advised a friend to always disconnect
| the phone line from the PC. The friend was apparently told that if one gets a
| dialer virus/trojan, it can act even with the computer turned off. I
| have a hard time seeing this. Is this just a case of
| "miscommunafication"?
|
| Thanks,
|
| Cautious Nerd

A "magic Packet" can be sent to the Network Interface Card (not Dial-Up) and a computer can
be powered-up. This can be prevented by using a Cable/DSL Router on a Broadband Internet
connection.

If a PC is infected with a Trojan or Virus and it is powered off, the Trojan or virus is
rendered inert and can not do anything until the PC angain powered-up.
Click to expand...

Can't some of the newer PCs with hardware power-management built-in be
programmed to turn themselves on at a specific time? The real-time clock
can use its alarm feature to signal the power-management hardware to turn
on the computer. And a trojan or virus sould easily set that alarm.
 
From: "Norman L. DeForest" <[email protected]>


|
| Can't some of the newer PCs with hardware power-management built-in be
| programmed to turn themselves on at a specific time? The real-time clock
| can use its alarm feature to signal the power-management hardware to turn
| on the computer. And a trojan or virus sould easily set that alarm.
|
| --
| ">> consider moving away from Front Page...."
| ">To what? Any suggestions?"
| "Naked bungee-jumping. It's less humiliating <g>"
| -- Matt Probert in alt.www.webmaster, March 20, 2005

Conceivably yes, but there is no known infector doing that as of yet.

The problem is the infector would have to be tied to a vary narrow niche platform or
specific motherboard.
 
If the computer is plugged into a power strip and the power strip is not
supplying power to the computer, it can't turn itself on unless the
computer has some sort of battery backup. If one is worried about this,
just turn your power strip off or unplug the computer.
 
From: "CarlosRivera" <[email protected]>

| If the computer is plugged into a power strip and the power strip is not
| supplying power to the computer, it can't turn itself on unless the
| computer has some sort of battery backup. If one is worried about this,
| just turn your power strip off or unplug the computer.
|
| David H. Lipman wrote:

Yes !
 
Sounds like it. However, the next time he turns it on, the virus could
immediately dial out.

Depends. Some computers have a "wake on ..." like wake on lan. feature,
which can turn them on. But that has to come from outside.
Note that the Cable/Router is precisely attached to the lan and thus could
be used to turn it on. I do not know of any systems which have a "wake on
modem" feature, not least because I do not know of motherboards which have
modems built in.
Can't some of the newer PCs with hardware power-management built-in be
programmed to turn themselves on at a specific time? The real-time clock
Click to expand...

I have not seen that. Maybe there are.
 
Unruh said:
Sounds like it. However, the next time he turns it on, the virus could
immediately dial out.


Depends. Some computers have a "wake on ..." like wake on lan. feature,
which can turn them on. But that has to come from outside.
Note that the Cable/Router is precisely attached to the lan and thus could
be used to turn it on. I do not know of any systems which have a "wake on
modem" feature, not least because I do not know of motherboards which have
modems built in.
Click to expand...

Mine does, apparently! When I first got it the PC would keep switching
its-self back on at odd times. Turns out it was the modem detecting spikes
on the phone line and triggering a power-up. A change in the BIOS settings
(or unplug the modem) solved the problem...
 
Cautious said:
Our home phone service provider advised a friend to always disconnect
the phone line from the PC. The friend was apparently told that if one gets a
dialer virus/trojan, it can act even with the computer turned off. I
have a hard time seeing this. Is this just a case of
"miscommunafication"?
Click to expand...

Thank you all for your knowledge.

* Wake-on-LAN allows a magic packet sent to the NIC to signal the computer to turn on
* Viruses can dial out upon manual power-on (though I'm not so concerned about this,
because that's not much different from virus dialing out before system shutdown
* New PCs have power management that allow power up at a preset alarm time.
No virus known to use this yet.
* Disconnect power to ensure no virus-induced power-up. For laptops, remove battery.
* If modem is integrated to motherboard, power spikes on phone line have triggered power-ups

Cautious Nerd
 
CarlosRivera said:
The machines are going to take over. :)
Click to expand...

Oh NO!! The script of Terminator is coming true!!!
AAARRRRRRGGGGGGG!!!!!!!!!! ;-)

[goes off to have argument with microwave and toaster]
 
In Martin, VK2UMJ <[email protected]> had this to say:

My reply is at the bottom of your sent message:
CarlosRivera said:
The machines are going to take over. :)
Click to expand...

Oh NO!! The script of Terminator is coming true!!!
AAARRRRRRGGGGGGG!!!!!!!!!! ;-)

[goes off to have argument with microwave and toaster]

Click to expand...

Or what ever album it was that prompted Who Made Who from AC/DC and Stephen
King. Oh, Maximum Overdrive...

Anyhow to make a long story short yes it would be possible with today's BIOS
to wake at a schedule and due to BIOS updates this would be something that
*could* be controlled in the OS via a virus or, more scary, with something
which has established root (you might call them rootkits but I'm more
familiar with *NIX at this point) and is able to completely control the OS.
The question is could it be done? Yes. Of course. Has it? No. Not to the
best of my knowledge which certianly isnt' complete but is reasonably
up-to-date. It *could* be done indeed but hasn't been. If one had a rootkit
installed that was truly akin to those found on *NIX years ago you'd find
that it could be done and control could be established to the point where
the monitor wasn't on and the power lights didn't turn on. Scary huh? Could?
Yes. Has? Not yet AFAIK... Probably won't be as there's too many people on
to it now. Why hack when you'll be found? Look instead for statefull packet
inspection with component control options to insure that the application
accessing the 'net is really the one you set it to during configuration,
disable automatic dialing of any type, a large number of malware
infestations actually require you to reboot so why bother rebooting? If you
do then why not take a moment to disconnect the line (DSL or cable) just to
make sure? I reboot once a month or so with my main system and hibernate the
rest of the time.

In short your question was vague, can it be done? Certainly I'd expect. Has
it been? Nope. Not as far as I know and the rest of the people who've
answered know. Something that basic doesn't even require a proof of concept
to prove it's possible. I fully expect that people much smarter than I could
do so easily and, in fact, much more easily now that you can actually change
certain BIOS settings from within the OS. (Think back to the days when you
couldn't set the clock in the system and have it stay but rather had to do
it through the CMOS for example.) Heck, if you want there are overclocking
utilities that work within the OS now... So, again, in short there's nothing
to see here folks, please carry on and continue computing like there's
nothing wrong. <g> Really though it's not done at this point and
disconnecting due to the threat is a pain. If the power is spiking that bad
as the person Martin said then get a power surge that protects phone jacks
as well and disable wake on LAN features in your CMOS.

Galen
 
Thank you all for your knowledge.

* Wake-on-LAN allows a magic packet sent to the NIC to signal the
computer to turn on * Viruses can dial out upon manual power-on
(though I'm not so concerned about this,
because that's not much different from virus dialing out before
system shutdown
* New PCs have power management that allow power up at a preset alarm
time.
No virus known to use this yet.
* Disconnect power to ensure no virus-induced power-up. For laptops,
remove battery. * If modem is integrated to motherboard, power spikes
on phone line have triggered power-ups

Cautious Nerd
Click to expand...

are you applying these comments to POTS lines or VOIP connections?
 
Galen said:
In news:[email protected], [SNIP]

nothing wrong. <g> Really though it's not done at this point and
disconnecting due to the threat is a pain. If the power is spiking that
bad as the person Martin said then get a power surge that protects phone
jacks as well and disable wake on LAN features in your CMOS.
Click to expand...

Exactly what I ended up doing - disable wake on LAN/Modem/whatever in CMOS,
added surge protector/filtering to power and phone line, and problem solved.
It was just interesting because this was the first PC I had that actually
did this, and at first it wasn't obvious what was making it power up at
random...
 
In Martin, VK2UMJ <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Exactly what I ended up doing - disable wake on LAN/Modem/whatever in
CMOS, added surge protector/filtering to power and phone line, and
problem solved. It was just interesting because this was the first PC
I had that actually did this, and at first it wasn't obvious what was
making it power up at random...
Click to expand...

I can imagine that it could be pretty alarming to go to bed and know for a
fact that you'd turned the PC off and to wake up with it turned back on and
ready to go. I'm pretty sure that would bug the heck out of me the first few
times at any rate.

Anyhow, it's Easter and the kids are awake and have hunted down all 48
easter eggs (24 each with color specific findings and equal prizes in each
plastic egg) so I'm going to get some sleep. I'm not a very religious person
but I still can't figure out what the whole egg hunt has to do with the
death or rising of a man on a cross. I'm thinking it's some pagan holiday
that's mixed in with the religious rite because the church couldn't
completely abolish it.

Perhaps digging to find the reason for the restarts while the computer was
off was a bit like an Easter egg hunt?

Galen
 
are you applying these comments to POTS lines or VOIP connections?
Click to expand...

Just summarizing points made by the time of the postings, though the original
question had to do with dialup (POTS). I'm not sure how VOIP fits in, since
I'm not familiar with the technology.

Cautious Nerd
 
do so easily and, in fact, much more easily now that you can actually change
certain BIOS settings from within the OS. (Think back to the days when you
couldn't set the clock in the system and have it stay but rather had to do
it through the CMOS for example.)
Click to expand...

I understand that in Windows 9X bios/cmos settings *could* be changed by
viruses or for that matter *any* software.
for example, CIH, Magistr Kriz could mess up the bios while todays viruses,
etc written mainly for XP cannot *touch* the bios/cmos

So I think it is the opposite. It is 9X that can affect bios/cmos and *not*
XP programming.
--At least I thought it was that way.

Heck, if you want there are overclocking
utilities that work within the OS now...
Click to expand...

that mean a trojan can overclock and or produce a power surge?
So, again, in short there's nothing
to see here folks, please carry on and continue computing like there's
nothing wrong. <g> Really though it's not done at this point and
disconnecting due to the threat is a pain. If the power is spiking that bad
as the person Martin said then get a power surge that protects phone jacks
as well and disable wake on LAN features in your CMOS.
Click to expand...

trojans produce power surges??
 
[snip]
actually
Click to expand...

Do you mean the CMOS Setup program in the BIOS?
I understand that in Windows 9X bios/cmos settings *could* be changed by
viruses or for that matter *any* software.
for example, CIH, Magistr Kriz could mess up the bios while todays viruses,
etc written mainly for XP cannot *touch* the bios/cmos
Click to expand...

Might be more of a hardware/firmware compatability issue for this
specific BIOS flashing malware payload, and isn't the CMOS still
accessible by application software on XP?
 
Might be more of a hardware/firmware compatability issue for this
specific BIOS flashing malware payload, and isn't the CMOS still
accessible by application software on XP?
Click to expand...

The in/out asm port commands are not available, so software that
updates the cmos under 95/98 will not work under nt/xp, however
as in http://www.winsoft.sk/xioport.htm
it can be done through appropriate api calls. See
http://www.tetraedre.com/advanced/serial.php if you'd like more info.

The flashing of bios, is of course bios make/version dependant.

Regards, Dave Hodgins
 
Back
Top