Nathan Davis28 August 2006, 12:09 PM
A new proof-of-concept virus targeted at a certain architectural flaw in most modern CPUs can take almost complete, low-level control of a system.
A new proof-of-concept virus recently submitted to Symantec demonstrates that a virus targeted at a certain architectural flaw in most modern CPUs could take almost complete, low-level control of a system.
It can bypass authentication measures without detection, all while stealthily proliferating itself throughout the infected system.
Did you hear that? It was as if a thousand evil code monkeys excitedly clamored very loudly on their keyboards.
What's worse (or more exciting, depending on your inclination) is that this is not a niche flaw, as it reportedly extends out to both Intel and AMD processors, although we have not yet been made aware of which ones are affected.
Generally due to their ease of creation and propagation, viruses targeted directly at popular operating systems, such as Windows, are predominant. This is quite unlike those targeted specifically at certain chip architectures where flaws in a CPU are the goal. As a result, these don't come by all that often. Because the virus is a proof-of-concept, Symantec has labeled this as low risk.
Ordinarily, targeting an architectural flaw would result in a very limited and restricted attack, but here we have two of the most purchased desktop CPU brands that contain the flaw. According to Symantic's senior director of development, Vincent Weafer, processors from AMD are the most at risk of allowing infection due to the closer similarities between its 32-bit and 64-bit architectures, as opposed to Intel's. As a result, packaging the two variants of the virus would be easier.
If this found its way into the hands of malicious virus writers, the resulting surreptitious virus would be extremely difficult to locate in order to eradicate. It hides itself in existing executable files and when it is running, can essentially gain complete control of a system.
As this isn't considered a chip-level virus, instead relying on what speculatively seems to be a flaw in the Windows execution routine, we are not yet certain if this has an effect on other such systems running, for example, Linux or even Mac OS.
Weafer isn't convinced that this can become a widespread problem, stating that it's really only '...for a very targeted attack or an academic attack.'
AMD Australia was not immediately available for comment on the issue.