New virus attacks AMD processors

  • Thread starter Thread starter nobody
  • Start date Start date
http://www.vnunet.com/vnunet/news/2163054/virus-attacks-amd-processors

There are quite a few questions:

- Could it really be true? It's not 04/01

- IF true, then are the guys that wrote it INTC fanboys? Or they were
paid to target AMD?

- Is Intel inherently virus-proof, or it could be targeted as well?

NNN
Click to expand...

Interesting. It sounds to me as its very AMD target'ed. As 'very' means
specific AMD cpu's. I think it is a low level risk. But, the dangers of
firmware-like viruses is high. Hard to control hardware....

But, like most everything. Its a boon for the anti-virus campanies. Viruses
happen. Hell, someday I'll be the guy that clicks on the virus. I remember
my first job. Cool tech copany, 1999 era,Bay area, very smart company
founder, when I heard him yell "oh shit. damnit what a f&^% idiot" He then
came into my office, I was one of two sys-admins at the time.

He got an email with an oddly-named attachment. From a friend, he first
thought it was a funny joke. He read the name, "IloveYou" executed it, and
about 1 second after exceuting it thought. f&&k

We gave him lots of shit for that. Still do.
 
Grant said:
Interesting. It sounds to me as its very AMD target'ed. As 'very' means
specific AMD cpu's. I think it is a low level risk. But, the dangers of
firmware-like viruses is high. Hard to control hardware....
Click to expand...

It's all a big misunderstanding:

AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.

Yousuf Khan
 
It's all a big misunderstanding:

AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.
Click to expand...

Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Inetl 64-bit == Itanium. What a doof!
 
Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Inetl 64-bit == Itanium. What a doof!
Click to expand...

Or he is in some way on Intell payroll? <---- this is a question mark.

Seems a silly attack towards AMD , and AMD could even sue.

 
George said:
Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Inetl 64-bit == Itanium. What a doof!
Click to expand...

So far, there isn't a lot of info on what exactly this virus is
supposedly doing. Initially I heard that this virus was supposedly able
to bypass security under all operating systems that run under these
processors. This indicated to me that perhaps it was similar to the
proof of concept virus (trojan-horse actually) presented a couple of
months back where somebody created a program masquerading as a
virtual-machine hypervisor, which could have access to the memory areas
of all operating systems running underneath it. This was a
virtualization virus.

However, the name of the virus is w32.bounds & w64.bounds, tentatively.
This means it's a Windows-only virus, not Linux, Solaris, or anything
else. So now we're hearing that in order for this virus to work it has
to exploit a hole in Windows to enter at the processor level. So it
doesn't seem like it's quite the all-encompassing virus they were
making it out to be. So what exactly is it attacking at the processor
level if not virtualization?

Yousuf Khan
 
Or he is in some way on Intell payroll? <---- this is a question mark.

Seems a silly attack towards AMD , and AMD could even sue.
Click to expand...

It's not so simple. Would be great for AMD antitrust suit if there
was any proof to "he is in some way on Intel payroll", but chances to
find one that the judge would accept into evidence are *negligibly*
small.

Suing on the basis of this "silly attack towards AMD" as such would
have no merit unless any monetary damages directly resulting from it
can be proven. IIRC, the estate (read - parents) of Nicole Simpson
sued OJ Simpson for the cost of cleaning blood-stained dress ($1) -
and million$ in punitive damages.

It would be great if this exec personally (not the corporation) was
slammed with a noticeable amount in damages, but I can't see it happen
;-(

NNN
 
Jan said:
Or he is in some way on Intell payroll? <---- this is a question mark.

Seems a silly attack towards AMD , and AMD could even sue.
Click to expand...

I think this may be a case of the shoe is on the other foot here.
Before when it used to be called "Intel architecture", it was Intel who
would get all of the blame, even if it affected AMD processors too. Now
that it's called "AMD architecture", AMD gets blamed. Intel probably
preferred that all of the glory went to "Intel ia32 architecture",
whereas all the blame should be dumped on the generic "x86
architecture". I'm sure AMD would like the same thing, send glorymail
to address "AMD64 architecture", send blamemail to address "x64
architecture". :-)

Yousuf Khan
 
George said:
Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Inetl 64-bit == Itanium. What a doof!
Click to expand...

Do you really expect any better from Symantec?

They seem to be the Computer Associates of the new millenium.
 
It's all a big misunderstanding:
Click to expand...

"misunderstanding" is putting it VERY nicely. A much better
description is "complete and utter stupidity". I'm not sure which is
worse, the fact that Symantec's security director having absolutely no
idea what he's talking about, or the fact that these Vnunet people
published a story that was blatantly obviously wrong! It took all of
about 5 seconds of reading the description of this virus to see that
it has ABSOLUTELY NOTHING to do with processors!
AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.
Click to expand...

It's bad enough to mistake WinXP "AMD64" as being AMD-only, but they
also claimed that it was specifically going to target 32-bit AMD
processors!

There is just no excuse for that level of stupidity!
 
So far, there isn't a lot of info on what exactly this virus is
supposedly doing.
Click to expand...

Sure there is, it uses the Win32 or Win64 API functionality of
"binding" executable and DLL files. You can find some info about this
concept here:

http://msdn.microsoft.com/msdnmag/issues/02/03/PE2/default.aspx

Basically the virus uses this binding functionality to hide where it's
actually reading the malicious code from.
Initially I heard that this virus was supposedly able
to bypass security under all operating systems that run under these
processors.
Click to expand...

Nope. Absolutely zero processor-level code. Strictly Windows stuff.
However, the name of the virus is w32.bounds & w64.bounds, tentatively.
This means it's a Windows-only virus, not Linux, Solaris, or anything
else. So now we're hearing that in order for this virus to work it has
to exploit a hole in Windows to enter at the processor level. So it
doesn't seem like it's quite the all-encompassing virus they were
making it out to be. So what exactly is it attacking at the processor
level if not virtualization?
Click to expand...

Absolutely nothing, just a lot of stupidity on the part of the article
writers and that Symantec dude. Proof yet again that no one in their
right mind should buy Symantec products?
 
Tony said:
Absolutely nothing, just a lot of stupidity on the part of the article
writers and that Symantec dude. Proof yet again that no one in their
right mind should buy Symantec products?
Click to expand...

Unfortunately, Symantec bought out a semi-competent Unix middleware
company, Veritas, so some have got no choice but to deal with them now.

Yousuf Khan
 
Unfortunately, Symantec bought out a semi-competent Unix middleware
company, Veritas, so some have got no choice but to deal with them now.
Click to expand...

Symantec has bought out LOTS of semi-competent companies. However
they usually don't stay at all competent for very long after the
buyout. Any time I see that Symantec has bought out a company that
makes I product I use, it's a sign for me to start looking for
alternatives!
 
Symantec has bought out LOTS of semi-competent companies. However
they usually don't stay at all competent for very long after the
buyout. Any time I see that Symantec has bought out a company that
makes I product I use, it's a sign for me to start looking for
alternatives!
Click to expand...

Agree on Symantec - they'll get no more of my $$. Any preference you have
for a good AV package? I need to get a 20-25pack license for the office
and it's awfully hard to decide - the "reviews" are useless.
 
Agree on Symantec - they'll get no more of my $$. Any preference you have
for a good AV package? I need to get a 20-25pack license for the office
and it's awfully hard to decide - the "reviews" are useless.
Click to expand...

I use NOD32 at home, although I don't know what their admin tools are
like for business multi-computer use are like.

Kaspersky, F-Secure, and Sophos are quite good, and their admin tools
seem good too.
 
I use NOD32 at home, although I don't know what their admin tools are
like for business multi-computer use are like.

Kaspersky, F-Secure, and Sophos are quite good, and their admin tools
seem good too.
Click to expand...

Based on what criteria though? They've all been panned or praised by
somebody or other. F-Secure only wants to sell through authorized
distributors... kinda like a time-warp into the '80s.:-)

Thanks for the tip on NOD32 - odd how none of the PCmag sites even looked
at it... but there are some rave reviews by end-users. I think I might
give the demo a whirl.
 
Back
Top