LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 02-12-2013, 03:54 PM   #1
papercut36
LQ Newbie
 
Registered: Feb 2013
Posts: 0

Rep: Reputation: Disabled
Where can trojans/viruses hide on a hard drive?


Hello,

I've used Dban to wipe a hard drive.

Where else can trojans/viruses hide?

Is it possible to infect the actual bios of a computer or other area? If so, can this be solved by updating to the latest bios version?

Are there any online antivirus vendors that scan all area's of a computer?

Thanks
 
Old 02-12-2013, 04:11 PM   #2
yooy
Senior Member
 
Registered: Dec 2009
Posts: 1,114

Rep: Reputation: 127Reputation: 127
some viruses spread on external hard drive, Usb key or stay online on your Mail inbox.. I use Avira free antivirus that should do the job just fine. Forget bios, as you won't stuck a game in bios, same virus won't stuck itself in bios or partition table.
 
Old 02-12-2013, 04:48 PM   #3
papercut36
LQ Newbie
 
Registered: Feb 2013
Posts: 0

Original Poster
Rep: Reputation: Disabled
Thanks yooy
 
Old 02-12-2013, 05:39 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,991
Blog Entries: 54

Rep: Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744
Quote:
Originally Posted by yooy View Post
I use Avira free antivirus that should do the job just fine.
"just fine" is relative and like "don't worry" doesn't say anything about the quality of the detection engine or the accuracy and speed of updates.


Quote:
Originally Posted by yooy View Post
Forget bios, as you won't stuck a game in bios, same virus won't stuck itself in bios or partition table.
BIOS viruses do exist: see CIH, search CanSecWest for Core Security's 2009 BIOS presentation or else see the more recent Mebromi. If one suspects BIOS tampering the first measure should be to flash it, not "forget" it.


@OP: I take it this isn't a Linux question so I'll be moving this thread to the Genral forum RSN.
 
Old 02-12-2013, 08:10 PM   #5
yooy
Senior Member
 
Registered: Dec 2009
Posts: 1,114

Rep: Reputation: 127Reputation: 127
I've read about CIH on wikipedia and it seems it only corrupts BIOS, not infects BIOS, but that may not be the case with Mebromi.. So be careful, maybe even your BIOS contains a virus. But don't panic.
 
Old 02-12-2013, 08:41 PM   #6
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, Mint
Posts: 7,422

Rep: Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406
Back in the olden days, when I was a young 'un, MBR viruses used to be common. They were commonly spread from the MBRs of infected floppies, so I think they've pretty much disappeared, though you can still google instructions for removing them.
 
Old 02-13-2013, 06:06 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,991
Blog Entries: 54

Rep: Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744Reputation: 2744
Quote:
Originally Posted by frankbell View Post
They were commonly spread from the MBRs of infected floppies, so I think they've pretty much disappeared
Riddle me this then: how come the latest BIOS infector was detected in 2011?
 
Old 02-13-2013, 07:00 AM   #8
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,263

Rep: Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085Reputation: 1085
I generally discourage the use of "biological" metaphors. They're popular but not accurate.

If you happen to walk into the elevator right after someone who's got Ebola walked out, you might be screwed. But only because of the way that biology works. Computers are machines. One. Zero. Yes. No.

Unfortunately, and especially in the Windows world, people run their machines as users (without passwords!) that "must be obeyed." In other words, a cat-burglar is lurking in a community knowing that every door and window is unlocked. In my experience, even the slightest attempt to actually use the authorization and authentication facilities, which every computer out there has, will stop rogue programs cold. If the file cannot be modified ... that's it.

Usually, and IMHO, exploits exploit a combination of "convenience," "inattentiveness," and simple "laziness." Attacking SSH passwords by brute-force, for example, because the SSH system is foolishly set up to allow passwords. Getting to a site which is uploaded via FTP to a shared system where everyone in the world is part of an "ftpusers" group and every file (yours, or someone else's) is read/writeable. And so on. But the rules of RNA and DNA, of biology, do not apply.
 
Old 02-13-2013, 07:32 PM   #9
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, Mint
Posts: 7,422

Rep: Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406Reputation: 1406
Quote:
how come the latest BIOS infector was detected in 2011
That's I why used weasel words, like "pretty much."

Is the BIOS actually in the MBR of the hard drive? I thought it was usually on the motherboard.
 
Old 02-13-2013, 09:28 PM   #10
jefro
Guru
 
Registered: Mar 2008
Posts: 11,116

Rep: Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362
Malware could exist in any addressable region. That could include any writable area of any device. A device could be the normal storage of a drive or even the small eeprom on the drive. If one wanted to they could use groups of writable areas to make a more substantial malware. I suppose they could do tricks like use the format sectors or even use half or offset sectors to hide it.


As above, a bios is an addressable and writable area.

Last edited by jefro; 02-13-2013 at 09:29 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Removing trojans from hidden trailing sectors of hard drive. mazinoz Linux - Security 19 10-07-2009 10:39 AM
Removing trojans from hidden trailing sectors of hard drive. (harddisk residue virus) sundialsvcs Linux - Security 2 08-25-2009 11:20 AM
Trojans, viruses, worms | How vulnerable is Linux the_gripmaster Linux - Security 14 03-08-2007 03:24 PM
trojans and viruses bondoq Linux - Networking 4 07-11-2006 05:12 PM
Linux to kill windoze viruses, worms, trojans, spywares, etc. carboncopy Linux - Software 4 03-04-2005 09:09 AM


All times are GMT -5. The time now is 10:46 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration