Appeared worm computer attack AMD processor chip

Symantec's security researchers have discovered a computer worm that can directly attack AMD processors, instead of attacking Windows operating systems.

With two different versions, the newly discovered computer worm - named Symantec named w32.bounds and w64.bounds - is capable of attacking both 32-bit and 64-bit versions of AMD.

However, according to experts, these are just destructive codes that are proven to be capable of attacking AMD chips rather than a complete worm, so the level of security threats is not high.

" Although it is only the code that is not harmful yet, it can completely be the original platform to create other malicious software to attack PC systems despite that PC is running this type of system. ", Mr. Vincent Weafer, director of Symantec Security Response Group warned.

Highest control

' If I can gain access to the processor level, I will become the boss. I can completely remove some kernel-based or user-protected solutions. Virus programmers always want to gain as deep access as possible on the victim's system , 'Weafer said.

' Once the aforementioned worm operates right in the processor, I will get access to the deepest level of the system. I can absolutely do anything I want , 'Weafer said.

However, each of the different processor types uses a different type of Operating Code (opcode). So the ability to attack a wide range of newly discovered computer worms seems to be greatly limited.

' Usually, the access to optcode access is often not very effective because the microprocessor market has many different opcode types applied. This worm will be hard to infect many PC systems , 'said Weafer.

Logically, the next step on the development path of the computer worm is to combine both 32-bit and 64-bit versions to form a single type of malware that attacks the lines. AMD chip.

This solution, the director of Symantec Security Response Group stressed, is easier to apply to AMD's product lines than Intel's because the two 32-bit and 64-bit chips of AMD are relatively similar. , while Intel products do not.

Potential risks

' The author's primary motivation for this computer worm is to provide a realistic demonstration: The code that attacks the processor can completely harm and bypass every detected technology if it is infects multi-core processor streams. He wants to prove his technical talent. But this technique cannot be used to create widespread computer virus pandemics. This technique can only be used in attacks with really clear objectives or theoretical attacks , 'said Weafer.

Two versions of w32.bounds and w64.bounds both infect the system by writing to Windows self-executing files. Therefore, these worms have only been proven to be capable of attacking microprocessors and cannot be called microprocessor-level security threats. However, the worm also has the expression of a security threat of this type thanks to its ability to execute some code at the processing level.

History of the world security industry has witnessed the explosion of a microprocessor-level security threat in 1998. CIH / Chernobyl appears and embeds itself into the BIOS of millions of computer systems in 13th anniversary of the Chernobyl nuclear disaster. The goal of this malicious software is to remove all data. It is estimated that the total damage caused by CIH / Chernobyl has reached 250 million USD. This type of malware originated in Korea.

Today, the risk of processor-level security is quite rare. Viruses that attack the operating system are easier to program and develop. The most obvious demonstration is the dominance of viruses that attack the Windows operating system.

Trang Dung