In May this year, a group of security experts unveiled a so-called "graphics card virus", that is, malware that runs on the GPU, and claimed that current security solutions have no defense against it. The claim caused considerable panic for a while, but after studying it Intel believes it is not that scary.

A group of developers collectively codenamed "Jellyfish" first created a rootkit and a keylogger that can launch GPU attacks on Linux systems, then designed a remote access tool (RAT) for Windows, and published proof-of-concept code on GitHub. Intel researchers have been analyzing the code and say in a new security report that GPU malware can be easily detected if scanning tools know what to look for.

"Countless articles repeat the author's point of view," said Craig Schmugar, a security engineer from McAfee who is now at Intel, in the report. "If the relevant context is not considered, it is easy to misinterpret and create the illusion that there is an undetectable super virus that can run autonomously and current defenses are completely ineffective, which is not the case."

Intel focused on how JellyFish runs, especially how the GPU and memory communicate over the DMA bus, and found that the malware must first obtain ring 0 access, the most privileged level on the CPU, before it can map system memory to the GPU for reading and writing. Whether it can do so depends on how well the system kernel is protected.

In addition, to hide itself, GPU malware needs to delete the CPU-side master file used by the installer, so that the code exists only on the GPU. On Windows, the Timeout Detection and Recovery (TDR) process will then be triggered and the graphics card will be reset, and the malicious code will disappear with it. If an attacker attempts to change TDR's default reset time (2 seconds), the system will treat it as suspicious behavior and trigger a security warning.

In fact, if GPU malware keeps running, it will definitely consume a lot of GPU resources, making the graphical interface and graphical applications respond slowly, which users will definitely notice.

As for the claim that the code survives a reboot, Intel said that only data can be retained, not executable code. If the malicious code is to survive a reboot, it must hide outside the GPU, where it is easy to detect.