Author Topic: GPU Viruses  (Read 3800 times)

0 Members and 1 Guest are viewing this topic.

WhiteZero

  • Guest
GPU Viruses
« on: September 29, 2010, 04:20:02 AM »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: GPU Viruses
« Reply #1 on: September 29, 2010, 07:51:53 AM »
Nice concept but not gonna happen anytime soon... it's just too small userbase, too many dependences, too many possible bugs. Just not gonna happen.
Visit my webpage Angry Sheep Blog

WhiteZero

  • Guest
Re: GPU Viruses
« Reply #2 on: September 29, 2010, 04:50:50 PM »
Nice concept but not gonna happen anytime soon... it's just too small userbase, too many dependences, too many possible bugs. Just not gonna happen.

Gee, how many times have we heard this in the security world and then got screwed over...   ::)

This is not the attitude to have for a security company.
Sure, it is just a concept right now. But hackers love to make proof-of-concepts, release that to the public, them we get hit with new security threats.

If avast wasn't to get/stay on stop, they need to at least be aware of this and have some sort of plan.
« Last Edit: September 29, 2010, 04:53:18 PM by WhiteZero »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: GPU Viruses
« Reply #3 on: September 29, 2010, 05:32:13 PM »
And what's so special about these GPU viruses? I mean, it can simply be detected by a signature or checksum, just as any other file. It doesn't matter whether it's meant for current CPU, for current GPU... or for a CPU ten years in the future on a different planet.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: GPU Viruses
« Reply #4 on: September 29, 2010, 05:35:46 PM »
What igor said. The binary has to arrive to the system somehow. It can't just magically appear inside graphic card memory and make magical changes to the system.
Visit my webpage Angry Sheep Blog

WhiteZero

  • Guest
Re: GPU Viruses
« Reply #5 on: September 29, 2010, 06:50:22 PM »
And what's so special about these GPU viruses? I mean, it can simply be detected by a signature or checksum, just as any other file. It doesn't matter whether it's meant for current CPU, for current GPU... or for a CPU ten years in the future on a different planet.

From the end of the white-paper:
Quote
The rapid evolution of general-purpose computing on graphics processors enables malware authors to take advantage of the GPU present in modern personal computers and increase the robustness of their code against existing defenses. The code armoring techniques presented in this paper—GPU-based unpacking and runtime polymorphism—not only demonstrate the feasibility of GPU-assisted malware, but also show the great potential that general-purpose computing on GPUs has in enhancing the evasiveness and functionality of malicious code. Both techniques have been implemented and tested using existing graphics hardware...


From an article on The Register regarding this topic:
Quote
“Implementing the self-unpacking functionality of a malware binary using GPU code can pose significant obstacles to current malware detection and analysis systems,” the scientists wrote in a research paper scheduled to be presented next month at the IEEE's International Conference on Malicious and Unwanted Software.



I'm not quite technically inclined enough to understand the code-level ramifications of this, but I'd suggest those of you who could should actually read the white-paper.

The topic has got a lot of press, I urge avast not to just shrug it off.
« Last Edit: September 29, 2010, 07:00:58 PM by WhiteZero »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: GPU Viruses
« Reply #6 on: September 29, 2010, 07:07:31 PM »
OK, polymorphic malware might be a little tricky (it always is) - but generally, it's just another platform.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: GPU Viruses
« Reply #7 on: September 30, 2010, 09:55:35 AM »
Then you just target the cryptor itself. It wouldn't be the first time and since no one would use it for legit purpose, you wouldn't get any false positives on it either. Job done.
At least in theory (since we haven't really seen anything of such type yet).
Visit my webpage Angry Sheep Blog