Full Disclosure mailing list archives
Re: MyDoom bios infection
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 29 Jan 2004 11:30:39 -0600
On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:
It was also unknown that the virus infects the BIOS of the computer it infects by injecting a 624bytes backdoor written in FORTH which will open port tcp when Mydoom will be executed AFTER febuary 12.
Although code in BIOS could interact with your network card, it would require the correct driver routines for your particular card. Does the virus come with network card drivers for a variety of cards? No? Then BIOS code won't open a TCP port. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- MyDoom bios infection Ferris, Robin (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Juari Bosnikovich (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)
- Re: MyDoom bios infection Ben Nelson (Jan 29)
- <Possible follow-ups>
- Re: MyDoom bios infection Ian Latter (Jan 29)
- RE: MyDoom bios infection Dan Bolton (Jan 29)
- Re: MyDoom bios infection Frank Knobbe (Jan 29)