New virus attacks AMD processors

Grant Schoep

http://www.vnunet.com/vnunet/news/2163054/virus-attacks-amd-processors

There are quite a few questions:

- Could it really be true? It's not 04/01

- IF true, then are the guys that wrote it INTC fanboys? Or they were
paid to target AMD?

- Is Intel inherently virus-proof, or it could be targeted as well?

NNN

Interesting. It sounds to me as if it's very AMD-targeted. As 'very' means
specific AMD CPUs. I think it is a low level risk. But, the dangers of
firmware-like viruses are high. Hard to control hardware....

But, like most everything. It's a boon for the anti-virus companies. Viruses
happen. Hell, someday I'll be the guy that clicks on the virus. I remember
my first job. Cool tech company, 1999 era, Bay Area, very smart company
founder, when I heard him yell "oh shit. damnit what a f&^% idiot" He then
came into my office, I was one of two sys-admins at the time.

He got an email with an oddly-named attachment. From a friend, he first
thought it was a funny joke. He read the name, "IloveYou", executed it, and
about 1 second after executing it thought. f&&k

We gave him lots of shit for that. Still do.
 
Yousuf Khan

Grant said:
Interesting. It sounds to me as if it's very AMD-targeted. As 'very' means
specific AMD CPUs. I think it is a low level risk. But, the dangers of
firmware-like viruses are high. Hard to control hardware....

It's all a big misunderstanding:

AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.

Yousuf Khan
 
George Macdonald

It's all a big misunderstanding:

AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.

Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Intel 64-bit == Itanium. What a doof!
 
Jan Panteltje

Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Intel 64-bit == Itanium. What a doof!

Or he is in some way on Intel payroll? <---- this is a question mark.

Seems a silly attack towards AMD, and AMD could even sue.

 
YKhan

George said:
Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Intel 64-bit == Itanium. What a doof!

So far, there isn't a lot of info on what exactly this virus is
supposedly doing. Initially I heard that this virus was supposedly able
to bypass security under all operating systems that run under these
processors. This indicated to me that perhaps it was similar to the
proof of concept virus (trojan-horse actually) presented a couple of
months back where somebody created a program masquerading as a
virtual-machine hypervisor, which could have access to the memory areas
of all operating systems running underneath it. This was a
virtualization virus.

However, the name of the virus is w32.bounds & w64.bounds, tentatively.
This means it's a Windows-only virus, not Linux, Solaris, or anything
else. So now we're hearing that in order for this virus to work it has
to exploit a hole in Windows to enter at the processor level. So it
doesn't seem like it's quite the all-encompassing virus they were
making it out to be. So what exactly is it attacking at the processor
level if not virtualization?

Yousuf Khan
 
nobody

Or he is in some way on Intel payroll? <---- this is a question mark.

Seems a silly attack towards AMD, and AMD could even sue.

It's not so simple. Would be great for AMD antitrust suit if there
was any proof to "he is in some way on Intel payroll", but chances to
find one that the judge would accept into evidence are *negligibly*
small.

Suing on the basis of this "silly attack towards AMD" as such would
have no merit unless any monetary damages directly resulting from it
can be proven. IIRC, the estate (read - parents) of Nicole Simpson
sued OJ Simpson for the cost of cleaning blood-stained dress ($1) -
and million$ in punitive damages.

It would be great if this exec personally (not the corporation) was
slammed with a noticeable amount in damages, but I can't see it happen
;-(

NNN
 
YKhan

Jan said:
Or he is in some way on Intel payroll? <---- this is a question mark.

Seems a silly attack towards AMD, and AMD could even sue.

I think this may be a case of the shoe is on the other foot here.
Before when it used to be called "Intel architecture", it was Intel who
would get all of the blame, even if it affected AMD processors too. Now
that it's called "AMD architecture", AMD gets blamed. Intel probably
preferred that all of the glory went to "Intel ia32 architecture",
whereas all the blame should be dumped on the generic "x86
architecture". I'm sure AMD would like the same thing, send glorymail
to address "AMD64 architecture", send blamemail to address "x64
architecture". :)

Yousuf Khan
 
AD.

George said:
Yeah but this guy "Vincent Weafer, senior director of Symantec's Security
Response Group" should have known better... but apparently not. WTF kind
of tech director is he if he doesn't know that Intel makes EM64T
processors? According to him: Intel 64-bit == Itanium. What a doof!

Do you really expect any better from Symantec?

They seem to be the Computer Associates of the new millennium.
 
Tony Hill

It's all a big misunderstanding:

"misunderstanding" is putting it VERY nicely. A much better
description is "complete and utter stupidity". I'm not sure which is
worse, the fact that Symantec's security director has absolutely no
idea what he's talking about, or the fact that these Vnunet people
published a story that was blatantly obviously wrong! It took all of
about 5 seconds of reading the description of this virus to see that
it has ABSOLUTELY NOTHING to do with processors!

AMD 'Virus' is no AMD virus at all
http://www.theinquirer.net/default.aspx?article=33999

Somebody figured "AMD64" meant AMD-only. It was just meant generically
for x86-64.

It's bad enough to mistake WinXP "AMD64" as being AMD-only, but they
also claimed that it was specifically going to target 32-bit AMD
processors!

There is just no excuse for that level of stupidity!
 
Tony Hill

So far, there isn't a lot of info on what exactly this virus is
supposedly doing.

Sure there is, it uses the Win32 or Win64 API functionality of
"binding" executable and DLL files. You can find some info about this
concept here:

http://msdn.microsoft.com/msdnmag/issues/02/03/PE2/default.aspx

Basically the virus uses this binding functionality to hide where it's
actually reading the malicious code from.

Initially I heard that this virus was supposedly able
to bypass security under all operating systems that run under these
processors.

Nope. Absolutely zero processor-level code. Strictly Windows stuff.

However, the name of the virus is w32.bounds & w64.bounds, tentatively.
This means it's a Windows-only virus, not Linux, Solaris, or anything
else. So now we're hearing that in order for this virus to work it has
to exploit a hole in Windows to enter at the processor level. So it
doesn't seem like it's quite the all-encompassing virus they were
making it out to be. So what exactly is it attacking at the processor
level if not virtualization?

Absolutely nothing, just a lot of stupidity on the part of the article
writers and that Symantec dude. Proof yet again that no one in their
right mind should buy Symantec products?
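
Added example, not part of any post in this thread: a header check that reads the two PE fields the discussion turns on, the Machine value (where "AMD64" is the architecture name for any x86-64 image, not a CPU vendor) and the bound-import data directory. Reading "binding" as that directory is an assumption, `inspect_pe` and `build_sample` are hypothetical names, and the sample images are constructed.

```python
import struct

# Machine values from the PE/COFF header. 0x8664 is named "AMD64" but
# marks any x86-64 image, whoever made the CPU it runs on.
MACHINES = {0x014C: "I386", 0x8664: "AMD64 (x86-64)", 0x0200: "IA64 (Itanium)"}
BOUND_IMPORT = 11  # data-directory index IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT


def inspect_pe(data: bytes) -> dict:
    """Report target architecture and bound-import directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    opt = pe_off + 24                                        # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    dirs = opt + (112 if magic == 0x20B else 96)             # data directories
    (count,) = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
    addr = size = 0
    if count > BOUND_IMPORT:
        addr, size = struct.unpack_from("<II", data, dirs + 8 * BOUND_IMPORT)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "pe32_plus": magic == 0x20B,
            "bound_import": (addr, size),
            "is_bound": size != 0}


def build_sample(machine: int, magic: int, bound=(0, 0)) -> bytes:
    """Constructed, header-only image for the demo (not a loadable program)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    dir_off = 112 if magic == 0x20B else 96
    opt = bytearray(dir_off + 16 * 8)                        # 16 directory slots
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)
    struct.pack_into("<II", opt, dir_off + 8 * BOUND_IMPORT, *bound)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print(inspect_pe(build_sample(0x8664, 0x20B, bound=(0x250, 0x40))))
    print(inspect_pe(build_sample(0x014C, 0x10B)))
```
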
 
Yousuf Khan

Tony said:
Absolutely nothing, just a lot of stupidity on the part of the article
writers and that Symantec dude. Proof yet again that no one in their
right mind should buy Symantec products?

Unfortunately, Symantec bought out a semi-competent Unix middleware
company, Veritas, so some have got no choice but to deal with them now.

Yousuf Khan
 
Tony Hill

Unfortunately, Symantec bought out a semi-competent Unix middleware
company, Veritas, so some have got no choice but to deal with them now.

Symantec has bought out LOTS of semi-competent companies. However
they usually don't stay at all competent for very long after the
buyout. Any time I see that Symantec has bought out a company that
makes a product I use, it's a sign for me to start looking for
alternatives!
 
George Macdonald

Symantec has bought out LOTS of semi-competent companies. However
they usually don't stay at all competent for very long after the
buyout. Any time I see that Symantec has bought out a company that
makes a product I use, it's a sign for me to start looking for
alternatives!

Agree on Symantec - they'll get no more of my $$. Any preference you have
for a good AV package? I need to get a 20-25pack license for the office
and it's awfully hard to decide - the "reviews" are useless.
 
Stuart Krivis

Agree on Symantec - they'll get no more of my $$. Any preference you have
for a good AV package? I need to get a 20-25pack license for the office
and it's awfully hard to decide - the "reviews" are useless.

I use NOD32 at home, although I don't know what their admin tools are
like for business multi-computer use.

Kaspersky, F-Secure, and Sophos are quite good, and their admin tools
seem good too.
 
George Macdonald

I use NOD32 at home, although I don't know what their admin tools are
like for business multi-computer use.

Kaspersky, F-Secure, and Sophos are quite good, and their admin tools
seem good too.

Based on what criteria though? They've all been panned or praised by
somebody or other. F-Secure only wants to sell through authorized
distributors... kinda like a time-warp into the '80s.:)

Thanks for the tip on NOD32 - odd how none of the PCmag sites even looked
at it... but there are some rave reviews by end-users. I think I might
give the demo a whirl.
 
