Computerworld - The malicious code enters your network undetected, rapidly infecting more than 100 machines. But this is no ordinary virus. Your antivirus and disk recovery tools can't help, because the disk drives won't spin up at all. The drives are toast. The PCs are completely inoperable.
The era of microcode attacks has begun.
Could viruses really attack the low-level microcode that makes disk drives run? It's entirely possible, disk technology experts say. Dimitri Postrigan knows how such a virus might be created -- but he's not telling. Postrigan reverse-engineers and programs hard disk drives at ActionFront Data Recovery Labs.
He says each disk drive has its own internal operating system that enables the device to start up. The operating system microcode resides in a special system area of the disk. "A virus could be written which would destroy the whole system area on a drive. This will make the drive and data almost unrecoverable," Postrigan says.
That nightmare scenario also bothers Ben Carmitchel, president of ESS Data Recovery. "In the data recovery industry, we've been waiting around for this to happen. We've written programs to restore hard drives. We could easily write a program to destroy [them]," he says. He worries that others with fewer scruples could create a fast-spreading virus that causes massive destruction of data.
The idea of a microcode attack goes beyond hard drives, says Thor Larholm, senior security researcher at PivX Solutions. Microcode is found in other PC components, including graphics cards, the BIOS and the CPU. Both Intel and AMD offer microcode utilities, complete with source code that could be used to physically damage a CPU by severely overclocking it, Larholm says.
So, why haven't such exploits been more common? Fortunately, it's not that easy to do. Viruses thrive on homogeneity. While all PCs may look the same at the Windows level, at the machine level, things can be very different, making a broad attack more difficult to pull off.
Years ago, someone wrote a virus that attempted to overwrite the flash memory area of a PC's BIOS, but its success was limited because there are so many different BIOS implementations, says Sean Barry, remote data recovery manager at Ontrack Data Recovery.
Similarly, the way in which one accesses the service area of a hard disk varies by manufacturer. That means a virus would have to include code for each brand its creator wanted to target. The proprietary tools and codes required also aren't readily available to the layperson. Postrigan says he personally has tried to find such information on the Internet and through
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!