Camera, viruses

Well, today I finally ordered a digital camera. For the upcoming holiday I didn't think the Canon EOS 600 SLR was really that suitable. The lovely Canon IXUS 700 should do nicely.

Thought for the day (an old thought, this one). People get worried about computer viruses, but really, they cause _very_ little harm compared with what they could do. There have been viruses that break your computer (normally by mangling the BIOS), or corrupt your data slowly (so that by the time you realise, you don't have any valid backups). There are even viruses that infect network shares or upload your sensitive data (such as credit card details) to the virus author.

However, I wish to describe a feature which could be even worse: unless it is protected against at a network level (by disabling network boot from unknown network ports), it can bypass all anti-virus software on most modern computers. This feature is called "network booting" (normally PXE boot, but other methods exist). You could even combine this with a tool such as "etherwake" to cripple large organisations overnight. The way it would work would be like this:

  • a desktop machine gets infected
  • this machine starts listening to network traffic, recording the unique network address (MAC address) of every machine it sees
  • having this list of addresses, it waits until a suitable time (say 2am), then remotely "etherwakes" all of these machines (there is normally no password protection applied to machines to prevent this)
  • when most PCs boot (particularly business PCs), they try to boot from the network; the infected machine will answer this call (possibly after performing a denial-of-service attack on the "official" netboot server if one exists, although this may trigger an alert to ops)
  • the infected machine will send the victim machines a boot image that delivers the payload
  • this payload (probably Linux based, as netbooting Windows would be a royal pain) could infect the machine, then shut it down (so the user is unaware of any changes), or perhaps cause a complete wipe of the machine in question

This sort of attack could wipe out an entire subnet of computers (typically up to 253) with ease. After all, we use exactly the same technique to install boxes for customers. If combined with other vectors, this could cause major problems; after all, at many places rebuilding PCs is even worse than rebuilding servers due to poor or non-existent backups.
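The network-level protection mentioned above can also be monitored for: a netboot client will follow whichever DHCP offer points it at a boot server, so any PXE-style offer from a host that is not the official netboot server is worth an alert. The following is an added example, not code from the original post; it assumes a simplified per-packet record format and a constructed allow-list of authorised boot servers.

```python
# Added example: flag DHCP OFFERs that would hand a PXE client to an
# unauthorised boot server. Record format and sample data are constructed.
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed allow-list: the only hosts permitted to answer netboot requests.
AUTHORISED_BOOT_SERVERS: Set[str] = {"10.0.0.5"}


@dataclass
class DhcpOffer:
    src_ip: str        # address the OFFER came from
    next_server: str   # siaddr / option 66: TFTP server the client will boot from
    bootfile: str      # option 67: boot image path, "" if absent
    vendor_class: str  # option 60 echoed back; "PXEClient" on netboot replies


def is_pxe_offer(offer: DhcpOffer) -> bool:
    """An offer is netboot-relevant if it carries a boot file or PXE class."""
    return offer.vendor_class == "PXEClient" or bool(offer.bootfile)


def rogue_offers(offers: Iterable[DhcpOffer],
                 authorised: Set[str] = AUTHORISED_BOOT_SERVERS) -> List[DhcpOffer]:
    """Return PXE offers whose sender or boot server is not on the allow-list.

    Plain address leases from any server are ignored here; only offers that
    would steer a booting PC at a boot image are checked.
    """
    findings = []
    for offer in offers:
        if not is_pxe_offer(offer):
            continue
        if offer.src_ip not in authorised or offer.next_server not in authorised:
            findings.append(offer)
    return findings


# Constructed sample capture: one legitimate netboot offer, one plain lease,
# and two offers from a desktop posing as the netboot server.
SAMPLE_OFFERS = [
    DhcpOffer("10.0.0.5", "10.0.0.5", "pxelinux.0", "PXEClient"),
    DhcpOffer("10.0.0.1", "0.0.0.0", "", ""),
    DhcpOffer("10.0.0.77", "10.0.0.77", "pxelinux.0", "PXEClient"),
    DhcpOffer("10.0.0.5", "10.0.0.77", "pxelinux.0", "PXEClient"),
]

if __name__ == "__main__":
    for hit in rogue_offers(SAMPLE_OFFERS):
        print(f"rogue PXE offer from {hit.src_ip} -> boot server {hit.next_server}")
```

The last sample offer shows why both fields are checked: an offer can come from the real DHCP server yet still point clients at an unauthorised boot server.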
