New Linux rootkit leverages GPUs to hide
Author | Message |
---|---|
Dr Who Fan Joined: 8 Jan 01 Posts: 3208 Credit: 715,342 RAC: 4 |
New Linux rootkit leverages GPUs to hide: The Jellyfish proof-of-concept rootkit uses the processing power of graphics cards and runs in their dedicated memory. A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden. |
ML1 Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
New Linux rootkit leverages GPUs to hide: Thanks for that one, rather good, and all forged by the leading edge of Linux! ;-) Also note: "Users probably shouldn't worry about criminals using GPU-based malware just yet, but proof-of-concepts like Jellyfish and Demon could inspire future developments. It's usually just a matter of time before attacks devised by researchers are adopted by malicious attackers." Had to happen at some point as "GPGPU" usage becomes more general. The race is now on for all systems to protect against such abuse. My own favored methods are to ensure that "by design" and definitely NOT by use of wastefully harmful "anti-virus" falling prey to false hopes... IT is what we make it! Martin. See new freedom: Mageia Linux. Take a look for yourself: Linux Format. The Future is what We all make IT (GPLv3) |
BilBg Joined: 27 May 07 Posts: 3720 Credit: 9,385,827 RAC: 0 |
I don't think this rootkit can travel from 'infected' GPU memory directly to another system's GPU memory. It has to use the usual means of spreading (through CPU memory, disk/file, network), e.g. by luring people to download some file and run it. So it's just a matter of adding signatures and/or heuristics to existing antiviruses (by normal means of signatures/modules update, no need for a new kind of antivirus to detect just a normal file before it is run/at the moment it is written to disk). But since Linux people don't think they need antivirus ... - ALF - "Find out what you don't do well ..... then don't do it!" :) |
David Anderson (not *that* DA) Joined: 5 Dec 09 Posts: 215 Credit: 74,008,558 RAC: 74 |
We don't need no stinking ...! Never mind. (insert usual hope that limited Linux user base makes us less interesting...) We do have rkhunter and chkrootkit that check for some things. Hmm. I should build the latest chkrootkit; it may be 9 months old, but it is newer than what Ubuntu's current Long Term Stable release has. Security researchers I respect suggest AV is effective on maybe 50% of Windows viruses (yikes). I also believe the labels on grocery products, so I guess that makes me gullible :-) |
David Anderson (not *that* DA) Joined: 5 Dec 09 Posts: 215 Credit: 74,008,558 RAC: 74 |
To get chkrootkit 0.50 to build I changed %ld to %d, two places. Neither 32- nor 64-bit Ubuntu uid is type 'long' in 14.04. Found 3 suspicious apps running without a terminal... Oh. Just Einstein on GPUs. Stopped boinc and that warning went away. Restarted boinc. |
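
The format-specifier change mentioned in the last post, as an added example that is not part of the thread and not chkrootkit's own code: one way to print a `uid_t` without assuming its width or signedness is to widen it to `uintmax_t` and use `%ju`. The function names and the sample uid values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Portable form: widen to uintmax_t so the argument always matches %ju,
 * whatever integer type the platform uses for uid_t. */
int format_uid_portable(char *buf, size_t len, uid_t uid)
{
    return snprintf(buf, len, "%ju", (uintmax_t)uid);
}

/* What "%d" shows for the same value. The explicit cast keeps the call
 * well-defined, but uids above INT_MAX come out negative (assumes the
 * usual 32-bit unsigned uid_t and two's-complement conversion on Linux). */
int format_uid_as_int(char *buf, size_t len, uid_t uid)
{
    return snprintf(buf, len, "%d", (int)uid);
}

int main(void)
{
    /* Constructed sample values: an ordinary user and a very high uid. */
    const uid_t samples[] = { (uid_t)1000, (uid_t)4294967294u };
    char portable[32], as_int[32];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_uid_portable(portable, sizeof portable, samples[i]);
        format_uid_as_int(as_int, sizeof as_int, samples[i]);
        printf("%%ju: %-12s %%d: %s\n", portable, as_int);
    }
    return 0;
}
```

Building with `-Wformat` (part of `-Wall` in GCC and Clang) reports a specifier that does not match its argument type, which is the kind of mismatch the post describes.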