PCI Rootkit

John Heasman, a security researcher at Next-Generation Security Software, released a paper titled “Implementing and Detecting a PCI Rootkit” describing a way to hide malicious code on graphics and network cards in such a way as to avoid detection and survive a full re-installation of the operating system.

The paper (PDF), published on Wednesday, builds on the work presented by Heasman earlier this year, describing ways to use the Advanced Configuration and Power Interface (ACPI) functions available on almost all motherboards to store and run a rootkit that could survive a reboot. The current paper outlines ways to use the expansion memory available on Peripheral Component Interconnect (PCI) cards, such as graphics cards and network cards.

Source: SecurityFocus.

Read full paper here.

Share this... Tweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Email this to someone

Leave a Reply