[Full-Disclosure] MyDoom bios infection
Frank Knobbe
frank at knobbe.us
Thu Jan 29 17:30:39 GMT 2004
On Thu, 2004-01-29 at 03:14, Ferris, Robin wrote:
> >It was also unknown that the virus infects the BIOS of the computer it
> >infects by injecting a 624bytes backdoor written in FORTH which will open
> >port tcp when Mydoom will be executed AFTER febuary 12.
Although code in BIOS could interact with your network card, it would
require the correct driver routines for your particular card. Does the
virus come with network card drivers for a variety of cards? No? Then
BIOS code won't open a TCP port.
Regards,
Frank
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040129/681d08a4/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.