Something Not Rigth!

Anti virus scanners that scan software are one thing, but what about virus'
that are flashed into the soft memory or other micro chips within a computer
and hibernate there and execute at any time when the system is rebooted?

Antiviral programs and malware removal programs only scan the physical hard
drive and sometimes (if you have a good malware remol tool) deep scan the
RAM memory for malicious software. What happens when other memory modules
become infected and launch at system startup?

Something to ponder for the holidays...

Season's Best!

Elaine Beauxrauxgard-Weiderhoff

Paul
Sun Dec 16 03:41:59 PST 2007

On Sun, 16 Dec 2007 06:26:53 -0500, NJITGS wrote:

> Anti virus scanners that scan software are one thing, but what about virus'
> that are flashed into the soft memory or other micro chips within a computer
> and hibernate there and execute at any time when the system is rebooted?
>
> Antiviral programs and malware removal programs only scan the physical hard
> drive and sometimes (if you have a good malware remol tool) deep scan the
> RAM memory for malicious software. What happens when other memory modules
> become infected and launch at system startup?
>
> Something to ponder for the holidays...

And you actually have examples of these that are out in the wild?

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Bubble memory: A derogatory term, usually referring to a person's
intelligence. See also "vacuum tube."

NJITGS
Sun Dec 16 04:49:59 PST 2007

How and why would it be possible for someone in an internet chat room like
AOL or MSN chat be able to send a boot code to a computer that reboots it
and flashes a virus into it's soft memory?


"Paul Adare" <pkadare@gmail.com> wrote in message
news:1acxkhio8nyqk.e7di2052ccyd.dlg@40tude.net...
> On Sun, 16 Dec 2007 06:26:53 -0500, NJITGS wrote:
>
>> Anti virus scanners that scan software are one thing, but what about
>> virus'
>> that are flashed into the soft memory or other micro chips within a
>> computer
>> and hibernate there and execute at any time when the system is rebooted?
>>
>> Antiviral programs and malware removal programs only scan the physical
>> hard
>> drive and sometimes (if you have a good malware remol tool) deep scan the
>> RAM memory for malicious software. What happens when other memory
>> modules
>> become infected and launch at system startup?
>>
>> Something to ponder for the holidays...
>
> And you actually have examples of these that are out in the wild?
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Bubble memory: A derogatory term, usually referring to a person's
> intelligence. See also "vacuum tube."

Paul
Sun Dec 16 06:05:59 PST 2007

On Sun, 16 Dec 2007 07:49:59 -0500, NJITGS wrote:

> How and why would it be possible for someone in an internet chat room like
> AOL or MSN chat be able to send a boot code to a computer that reboots it
> and flashes a virus into it's soft memory?

What is "soft memory"?
Why do you think that it is possible in the first place?

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
The steady state of disks is full. -- Ken Thompson

NJITGS
Sun Dec 16 06:39:35 PST 2007

Because anything, including preprogrammed microchips, can be infected. For
example; if an .exe file or any other file can be stored on a RAM chip or
any other electrostatic memory chip and be read, -what's to say that a viral
file cannot be flashed into a memory chip on a systemboard, sort of like
when you update or reinstall a drives firmware ie. optical drive?

Everything that connects to a mother (or system) board has a programmable
mircochip inside that operates it and identifies it to the main board, so
what if a viral file is launched that causes the system (or computer) to
reboot then flashes itself into a memory chip that interacts with the main
board? -like as if you created a bootable floppy that flashes a particular
drive with updated firmware, wouldn't the same hold true for a virus that
hibernates in a given memory and launches or executes at a cetain time if
not immediately?

I truly beleive this is possible and the cause for my last computer to end
up in the garbage. There was not an anti-viral program on the face of the
earth that checks memory at the time. So I wonder if there is anything now
that I have brainstormed this that can be done remove memory virus such as
what I am describing......?

E-BW


"Paul Adare" <pkadare@gmail.com> wrote in message
news:yqby49rb637r$.54jf9q43nz5y.dlg@40tude.net...
> On Sun, 16 Dec 2007 07:49:59 -0500, NJITGS wrote:
>
>> How and why would it be possible for someone in an internet chat room
>> like
>> AOL or MSN chat be able to send a boot code to a computer that reboots it
>> and flashes a virus into it's soft memory?
>
> What is "soft memory"?
> Why do you think that it is possible in the first place?
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> The steady state of disks is full. -- Ken Thompson

Paul
Sun Dec 16 08:31:04 PST 2007

On Sun, 16 Dec 2007 09:39:35 -0500, NJITGS wrote:

> Because anything, including preprogrammed microchips, can be infected. For
> example; if an .exe file or any other file can be stored on a RAM chip or
> any other electrostatic memory chip and be read, -what's to say that a viral
> file cannot be flashed into a memory chip on a systemboard, sort of like
> when you update or reinstall a drives firmware ie. optical drive?
>
> Everything that connects to a mother (or system) board has a programmable
> mircochip inside that operates it and identifies it to the main board, so
> what if a viral file is launched that causes the system (or computer) to
> reboot then flashes itself into a memory chip that interacts with the main
> board? -like as if you created a bootable floppy that flashes a particular
> drive with updated firmware, wouldn't the same hold true for a virus that
> hibernates in a given memory and launches or executes at a cetain time if
> not immediately?
>
> I truly beleive this is possible and the cause for my last computer to end
> up in the garbage. There was not an anti-viral program on the face of the
> earth that checks memory at the time. So I wonder if there is anything now
> that I have brainstormed this that can be done remove memory virus such as
> what I am describing......?

You're imagining things.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
One picture is worth 128K words.

NJITGS
Sun Dec 16 08:38:26 PST 2007

Then why did you reply to this thread?



"Paul Adare" <pkadare@gmail.com> wrote in message
news:qht7gg66snbs$.zgc3c5xixr9f$.dlg@40tude.net...
> On Sun, 16 Dec 2007 09:39:35 -0500, NJITGS wrote:
>
>> Because anything, including preprogrammed microchips, can be infected.
>> For
>> example; if an .exe file or any other file can be stored on a RAM chip or
>> any other electrostatic memory chip and be read, -what's to say that a
>> viral
>> file cannot be flashed into a memory chip on a systemboard, sort of like
>> when you update or reinstall a drives firmware ie. optical drive?
>>
>> Everything that connects to a mother (or system) board has a programmable
>> mircochip inside that operates it and identifies it to the main board, so
>> what if a viral file is launched that causes the system (or computer) to
>> reboot then flashes itself into a memory chip that interacts with the
>> main
>> board? -like as if you created a bootable floppy that flashes a
>> particular
>> drive with updated firmware, wouldn't the same hold true for a virus that
>> hibernates in a given memory and launches or executes at a cetain time if
>> not immediately?
>>
>> I truly beleive this is possible and the cause for my last computer to
>> end
>> up in the garbage. There was not an anti-viral program on the face of
>> the
>> earth that checks memory at the time. So I wonder if there is anything
>> now
>> that I have brainstormed this that can be done remove memory virus such
>> as
>> what I am describing......?
>
> You're imagining things.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> One picture is worth 128K words.

Paul
Sun Dec 16 08:41:50 PST 2007

On Sun, 16 Dec 2007 11:38:26 -0500, NJITGS wrote:

> Then why did you reply to this thread?

Because you're making things up and spreading FUD. There is enough to worry
about when it comes to computer security without having folks worried about
non-existent threats.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Life would be so much easier if we could just look at the source code.

NJITGS
Sun Dec 16 10:03:42 PST 2007

I'll give the readers of this thread the right to draw thier own conclusions
and opinion about my theory. Thank you...


"Paul Adare" <pkadare@gmail.com> wrote in message
news:7uek1gvzcfb1$.1d2qcc8t13tg9$.dlg@40tude.net...
> On Sun, 16 Dec 2007 11:38:26 -0500, NJITGS wrote:
>
>> Then why did you reply to this thread?
>
> Because you're making things up and spreading FUD. There is enough to
> worry
> about when it comes to computer security without having folks worried
> about
> non-existent threats.
>
> --
> Paul Adare
> MVP - Virtual Machines
> http://www.identit.ca
> Life would be so much easier if we could just look at the source code.

Paul
Sun Dec 16 10:39:59 PST 2007

On Sun, 16 Dec 2007 13:03:42 -0500, NJITGS wrote:

> I'll give the readers of this thread the right to draw thier own conclusions
> and opinion about my theory. Thank you...

And what exactly are your qualifications for making up this theory besides
throwing a perfectly good computer in the garbage due to some imagined
virus infection?



--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Maybe Computer Science should be in the College of Theology. -- R. S.
Barton

Richard
Sun Dec 16 10:52:03 PST 2007

What is "soft" memory? Please describe same so we can know it as it really
is.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User


"NJITGS" <njitgs@verizon.net> wrote in message
news:OBzsSa9PIHA.4272@TK2MSFTNGP06.phx.gbl...
> Anti virus scanners that scan software are one thing, but what about
> virus' that are flashed into the soft memory or other micro chips within a
> computer and hibernate there and execute at any time when the system is
> rebooted?
>
> Antiviral programs and malware removal programs only scan the physical
> hard drive and sometimes (if you have a good malware remol tool) deep scan
> the RAM memory for malicious software. What happens when other memory
> modules become infected and launch at system startup?
>
> Something to ponder for the holidays...
>
> Season's Best!
>
> Elaine Beauxrauxgard-Weiderhoff
>

Shenan
Sun Dec 16 11:30:48 PST 2007

NJITGS wrote:
> Anti virus scanners that scan software are one thing, but what
> about virus' that are flashed into the soft memory or other micro
> chips within a computer and hibernate there and execute at any time
> when the system is rebooted?
> Antiviral programs and malware removal programs only scan the
> physical hard drive and sometimes (if you have a good malware remol
> tool) deep scan the RAM memory for malicious software. What
> happens when other memory modules become infected and launch at
> system startup?
> Something to ponder for the holidays...
>
> Season's Best!
>
> Elaine Beauxrauxgard-Weiderhoff

<snipped>
Entire Thread:
http://groups.google.com/group/microsoft.public.security/browse_frm/thread/cb7ed7fd1f898890/194771d086c21aba?lnk=st&q=author%3ANJITGS#194771d086c21aba

More postings from NJITGS (Elaine Beauxrauxgard-Weiderhoff):
http://groups.google.com/groups/profile?enc_user=yjA7SxIAAACDeS_QIAaljlZaaFC4fwozpbyajUBv9M9XLUB2gqkZmQ



NJITGS wrote:
> I'll give the readers of this thread the right to draw thier own
> conclusions and opinion about my theory. Thank you...

I have to agree with Paul Adare on this one.

What you are describing is just non-existent. Most antivirus applications
(and the OS for that matter) would prevent such infections from occurring...
You do not have the hardware access necessary without warning to do what you
are describing and most antivirus software will catch things trying to
'reside in memory' simply because they have to be READ into that memory in
the first place - thus being scanned in the process.

The weakest factor in computer security is human beings.

At one point you described, "... someone in ... AOL or MSN chat be able to
send a boot code to a computer that reboots it and flashes a virus into it's
soft memory" <- without describing what 'soft memory" was or without
pointing out that the person on the receiving end would need a badly
configured client or bad judgment in accepting and automatically executing
whatever was sent to them by someone they supposedly trusted enough to have
on their IM lists.

The flashing of hardware devices is not something that can be 'just done' -
not to mention that the number of variable involved (different computer
specs, etc) would make such a tool impractical EXCEPT in an attack against a
SPECIFIC single target. If I know you, know your computer system and know
your habits/idiosyncrasies - then maybe I could pull off something like you
describe - on you and a specific computer of yours. It would have to be a
conspiracy against *you* by someone you knew (or someone who has been
quietly collecting a lot of information on you and your stuff for some time
in order to know exactly what/how to do it so it would work.)

In other words - this is just one conspiracy theory that is just unlikely to
happen to any given person on the street.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

PA
Sun Dec 16 12:32:09 PST 2007

[Speaking of something not being /right/, it's too bad OE doesn't run
SpielChucker on subject line.]

NJITGS wrote:
> Anti virus scanners that scan software are one thing, but what about
> virus'
> that are flashed into the soft memory or other micro chips within a
> computer
> and hibernate there and execute at any time when the system is rebooted?
>
> Antiviral programs and malware removal programs only scan the physical
> hard
> drive and sometimes (if you have a good malware remol tool) deep scan the
> RAM memory for malicious software. What happens when other memory modules
> become infected and launch at system startup?
>
> Something to ponder for the holidays...
>
> Season's Best!
>
> Elaine Beauxrauxgard-Weiderhoff

NJITGS
Sun Dec 16 13:12:16 PST 2007

To clarify: By soft memory I mean that it is not directly written to a
physical hard disk, -that like anything else stored in a memory chip, it
(the file) is not actually written to the surface of a drive, it is
electrostatically written, -that meaning, like the security sensors on items
in department stores that are deactivated by running them over a magnet.
When a file is written to a physical hard drive it is there permanantly, it
is actually embedded in the media of the disk.

Hope this helps to better understand my theory!

EB-W


"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
news:OXvVATBQIHA.1204@TK2MSFTNGP03.phx.gbl...
> What is "soft" memory? Please describe same so we can know it as it really
> is.
>
> --
>
> Regards,
>
> Richard Urban
> Microsoft MVP Windows Shell/User
>
>
> "NJITGS" <njitgs@verizon.net> wrote in message
> news:OBzsSa9PIHA.4272@TK2MSFTNGP06.phx.gbl...
>> Anti virus scanners that scan software are one thing, but what about
>> virus' that are flashed into the soft memory or other micro chips within
>> a computer and hibernate there and execute at any time when the system is
>> rebooted?
>>
>> Antiviral programs and malware removal programs only scan the physical
>> hard drive and sometimes (if you have a good malware remol tool) deep
>> scan the RAM memory for malicious software. What happens when other
>> memory modules become infected and launch at system startup?
>>
>> Something to ponder for the holidays...
>>
>> Season's Best!
>>
>> Elaine Beauxrauxgard-Weiderhoff
>>
>

Paul
Sun Dec 16 13:48:54 PST 2007

On Sun, 16 Dec 2007 16:12:16 -0500, NJITGS wrote:

> To clarify: By soft memory I mean that it is not directly written to a
> physical hard disk, -that like anything else stored in a memory chip, it
> (the file) is not actually written to the surface of a drive, it is
> electrostatically written, -that meaning, like the security sensors on items
> in department stores that are deactivated by running them over a magnet.
> When a file is written to a physical hard drive it is there permanantly, it
> is actually embedded in the media of the disk.

Wow, you understand even less than I'd thought. Try running a magnet over
your hard drive and see how long your data lasts.

>
> Hope this helps to better understand my theory!

Help to better illustrate that you don't have the faintest idea as to what
you're talking about.

--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
Brain fried -- core dumped.

Monte
Sun Dec 16 17:55:42 PST 2007

Hopefully, most people will realize that data in these microprocessors must
be "hard coded." In other words, it is simply not possible to write code to
these processors and have it reside on the computer chip. I might be
possible to write code that would intercept commands from something like a
CPU and alter it, but that sort of thing would be picked up by any good
antivirus program.

I suppose that a rogue engineer could plug some weird code into a processor
at the factory, but I am not sure how possible that is. I have always
wondered how secure the microprocessors on a motherboard are when these
motherboards are manufactured at a location other than ones country of
origin. For instance, could someone hide code in a microprocessor that would
execute in the event of a war between two countries. Such code could then
serve as an executable that would remotely send data to some server or
something. That is something that might be interesting to ponder.


"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:OIETqoBQIHA.4880@TK2MSFTNGP03.phx.gbl...
> NJITGS wrote:
>> Anti virus scanners that scan software are one thing, but what
>> about virus' that are flashed into the soft memory or other micro
>> chips within a computer and hibernate there and execute at any time
>> when the system is rebooted?
>> Antiviral programs and malware removal programs only scan the
>> physical hard drive and sometimes (if you have a good malware remol
>> tool) deep scan the RAM memory for malicious software. What
>> happens when other memory modules become infected and launch at
>> system startup?
>> Something to ponder for the holidays...
>>
>> Season's Best!
>>
>> Elaine Beauxrauxgard-Weiderhoff
>
> <snipped>
> Entire Thread:
> http://groups.google.com/group/microsoft.public.security/browse_frm/thread/cb7ed7fd1f898890/194771d086c21aba?lnk=st&q=author%3ANJITGS#194771d086c21aba
>
> More postings from NJITGS (Elaine Beauxrauxgard-Weiderhoff):
> http://groups.google.com/groups/profile?enc_user=yjA7SxIAAACDeS_QIAaljlZaaFC4fwozpbyajUBv9M9XLUB2gqkZmQ
>
>
>
> NJITGS wrote:
>> I'll give the readers of this thread the right to draw thier own
>> conclusions and opinion about my theory. Thank you...
>
> I have to agree with Paul Adare on this one.
>
> What you are describing is just non-existent. Most antivirus applications
> (and the OS for that matter) would prevent such infections from
> occurring... You do not have the hardware access necessary without warning
> to do what you are describing and most antivirus software will catch
> things trying to 'reside in memory' simply because they have to be READ
> into that memory in the first place - thus being scanned in the process.
>
> The weakest factor in computer security is human beings.
>
> At one point you described, "... someone in ... AOL or MSN chat be able to
> send a boot code to a computer that reboots it and flashes a virus into
> it's soft memory" <- without describing what 'soft memory" was or without
> pointing out that the person on the receiving end would need a badly
> configured client or bad judgment in accepting and automatically executing
> whatever was sent to them by someone they supposedly trusted enough to
> have on their IM lists.
>
> The flashing of hardware devices is not something that can be 'just
> done' - not to mention that the number of variable involved (different
> computer specs, etc) would make such a tool impractical EXCEPT in an
> attack against a SPECIFIC single target. If I know you, know your
> computer system and know your habits/idiosyncrasies - then maybe I could
> pull off something like you describe - on you and a specific computer of
> yours. It would have to be a conspiracy against *you* by someone you knew
> (or someone who has been quietly collecting a lot of information on you
> and your stuff for some time in order to know exactly what/how to do it so
> it would work.)
>
> In other words - this is just one conspiracy theory that is just unlikely
> to happen to any given person on the street.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Richard
Mon Dec 17 12:50:40 CST 2007

Nothing is embedded in a hard drive, other than the magnetic coating that is
applied during manufacture. A hard drive works on the same principal as
cassette tapes. Data is stored in a circular magnetic track which is read
by the drive heads. The magnetic fields on the drive platters create an emf
in the drive head and are interpreted as 0 and 1's. This, in turn, is fed to
the drive electronics where it is amplified and processed.

A strong magnetic field will erase a hard drive just as it would a cassette
tape. No 0's and 1's = no data.

You are postulating about a subject without having the requisite knowledge
to do so successfully.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User


"NJITGS" <njitgs@verizon.net> wrote in message
news:%23GVeXhCQIHA.3532@TK2MSFTNGP04.phx.gbl...
> To clarify: By soft memory I mean that it is not directly written to a
> physical hard disk, -that like anything else stored in a memory chip, it
> (the file) is not actually written to the surface of a drive, it is
> electrostatically written, -that meaning, like the security sensors on
> items in department stores that are deactivated by running them over a
> magnet. When a file is written to a physical hard drive it is there
> permanantly, it is actually embedded in the media of the disk.
>
> Hope this helps to better understand my theory!
>
> EB-W
>
>
> "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
> news:OXvVATBQIHA.1204@TK2MSFTNGP03.phx.gbl...
>> What is "soft" memory? Please describe same so we can know it as it
>> really is.
>>
>> --
>>
>> Regards,
>>
>> Richard Urban
>> Microsoft MVP Windows Shell/User
>>
>>
>> "NJITGS" <njitgs@verizon.net> wrote in message
>> news:OBzsSa9PIHA.4272@TK2MSFTNGP06.phx.gbl...
>>> Anti virus scanners that scan software are one thing, but what about
>>> virus' that are flashed into the soft memory or other micro chips within
>>> a computer and hibernate there and execute at any time when the system
>>> is rebooted?
>>>
>>> Antiviral programs and malware removal programs only scan the physical
>>> hard drive and sometimes (if you have a good malware remol tool) deep
>>> scan the RAM memory for malicious software. What happens when other
>>> memory modules become infected and launch at system startup?
>>>
>>> Something to ponder for the holidays...
>>>
>>> Season's Best!
>>>
>>> Elaine Beauxrauxgard-Weiderhoff
>>>
>>
>
>