PCI Rootkit

John Heasman, a security researcher at Next-Generation Security Software, released a paper titled “Implementing and Detecting a PCI Rootkit” describing a way to hide malicious code on graphics and network cards so that it avoids detection and survives a full re-installation of the operating system.

The paper (PDF), published on Wednesday, builds on work Heasman presented earlier this year, which described ways to use the Advanced Configuration and Power Interface (ACPI) functions available on almost all motherboards to store and run a rootkit that could survive a reboot. The current paper outlines ways to use the expansion memory available on Peripheral Component Interconnect (PCI) cards, such as graphics cards and network cards.

Source: SecurityFocus.

Read full paper here.

About Dragan Pleskonjic

Chief Security Officer, University Lecturer, Entrepreneur, Security Researcher, Security Architect & Adviser, Software Development Manager. More info about Dragan Pleskonjic.