LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   Where can trojans/viruses hide on a hard drive? (http://www.linuxquestions.org/questions/general-10/where-can-trojans-viruses-hide-on-a-hard-drive-4175449876/)

papercut36 02-12-2013 03:54 PM

Where can trojans/viruses hide on a hard drive?
 
Hello,

I've used Dban to wipe a hard drive.

Where else can trojans/viruses hide?

Is it possible to infect the actual bios of a computer or other area? If so, can this be solved by updating to the latest bios version?

Are there any online antivirus vendors that scan all area's of a computer?

Thanks

yooy 02-12-2013 04:11 PM

some viruses spread on external hard drive, Usb key or stay online on your Mail inbox.. I use Avira free antivirus that should do the job just fine. Forget bios, as you won't stuck a game in bios, same virus won't stuck itself in bios or partition table.

papercut36 02-12-2013 04:48 PM

Thanks yooy :)

unSpawn 02-12-2013 05:39 PM

Quote:

Originally Posted by yooy (Post 4890221)
I use Avira free antivirus that should do the job just fine.

"just fine" is relative and like "don't worry" doesn't say anything about the quality of the detection engine or the accuracy and speed of updates.


Quote:

Originally Posted by yooy (Post 4890221)
Forget bios, as you won't stuck a game in bios, same virus won't stuck itself in bios or partition table.

BIOS viruses do exist: see CIH, search CanSecWest for Core Security's 2009 BIOS presentation or else see the more recent Mebromi. If one suspects BIOS tampering the first measure should be to flash it, not "forget" it.


@OP: I take it this isn't a Linux question so I'll be moving this thread to the Genral forum RSN.

yooy 02-12-2013 08:10 PM

I've read about CIH on wikipedia and it seems it only corrupts BIOS, not infects BIOS, but that may not be the case with Mebromi.. So be careful, maybe even your BIOS contains a virus. But don't panic.

frankbell 02-12-2013 08:41 PM

Back in the olden days, when I was a young 'un, MBR viruses used to be common. They were commonly spread from the MBRs of infected floppies, so I think they've pretty much disappeared, though you can still google instructions for removing them.

unSpawn 02-13-2013 06:06 AM

Quote:

Originally Posted by frankbell (Post 4890386)
They were commonly spread from the MBRs of infected floppies, so I think they've pretty much disappeared

Riddle me this then: how come the latest BIOS infector was detected in 2011?

sundialsvcs 02-13-2013 07:00 AM

I generally discourage the use of "biological" metaphors. They're popular but not accurate.

If you happen to walk into the elevator right after someone who's got Ebola walked out, you might be screwed. But only because of the way that biology works. Computers are machines. One. Zero. Yes. No.

Unfortunately, and especially in the Windows world, people run their machines as users (without passwords!) that "must be obeyed." In other words, a cat-burglar is lurking in a community knowing that every door and window is unlocked. In my experience, even the slightest attempt to actually use the authorization and authentication facilities, which every computer out there has, will stop rogue programs cold. If the file cannot be modified ... that's it.

Usually, and IMHO, exploits exploit a combination of "convenience," "inattentiveness," and simple "laziness." Attacking SSH passwords by brute-force, for example, because the SSH system is foolishly set up to allow passwords. Getting to a site which is uploaded via FTP to a shared system where everyone in the world is part of an "ftpusers" group and every file (yours, or someone else's) is read/writeable. And so on. But the rules of RNA and DNA, of biology, do not apply.

frankbell 02-13-2013 07:32 PM

Quote:

how come the latest BIOS infector was detected in 2011
That's I why used weasel words, like "pretty much."

Is the BIOS actually in the MBR of the hard drive? I thought it was usually on the motherboard.

jefro 02-13-2013 09:28 PM

Malware could exist in any addressable region. That could include any writable area of any device. A device could be the normal storage of a drive or even the small eeprom on the drive. If one wanted to they could use groups of writable areas to make a more substantial malware. I suppose they could do tricks like use the format sectors or even use half or offset sectors to hide it.


As above, a bios is an addressable and writable area.


All times are GMT -5. The time now is 09:25 AM.