Computerworld - The malicious code enters your network undetected, rapidly infecting more than 100 machines. But this is no ordinary virus. Your antivirus and disk recovery tools can't help, because the disk drives won't spin up at all. The drives are toast. The PCs are completely inoperable.
The era of microcode attacks has begun.
Could viruses really attack the low-level microcode that makes disk drives run? It's entirely possible, disk technology experts say. Dimitri Postrigan knows how such a virus might be created -- but he's not telling. Postrigan reverse-engineers and programs hard disk drives at ActionFront Data Recovery Labs.
He says each disk drive has its own internal operating system that enables the device to start up. The operating system microcode resides in a special system area of the disk. "A virus could be written which would destroy the whole system area on a drive. This will make the drive and data almost unrecoverable," Postrigan says.
That nightmare scenario also bothers Ben Carmitchel, president of ESS Data Recovery. "In the data recovery industry, we've been waiting around for this to happen. We've written programs to restore hard drives. We could easily write a program to destroy [them]," he says. He worries that others with fewer scruples could create a fast-spreading virus that causes massive destruction of data.
The idea of a microcode attack goes beyond hard drives, says Thor Larholm, senior security researcher at PivX Solutions. Microcode is found in other PC components, including graphics cards, the BIOS and the CPU. Both Intel and AMD offer microcode utilities, complete with source code that could be used to physically damage a CPU by severely overclocking it, Larholm says.
So, why haven't such exploits been more common? Fortunately, it's not that easy to do. Viruses thrive on homogeneity. While all PCs may look the same at the Windows level, at the machine level, things can be very different, making a broad attack more difficult to pull off.
Years ago, someone wrote a virus that attempted to overwrite the flash memory area of a PC's BIOS, but its success was limited because there are so many different BIOS implementations, says Sean Barry, remote data recovery manager at Ontrack Data Recovery.
Similarly, the way in which one accesses the service area of a hard disk varies by manufacturer. That means a virus would have to include code for each brand its creator wanted to target. The proprietary tools and codes required also aren't readily available to the layperson. Postrigan says he personally has tried to find such information on the Internet and through
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!