GPU Viruses

http://it.slashdot.org/story/10/09/27/1422205/Malware-Running-On-Graphics-Cards
http://dcs.ics.forth.gr/Activities/papers/gpumalware.malware10.pdf

So, is Avast going to be on top of this possible up-and-coming form of malware?

Nice concept but not gonna happen anytime soon… it’s just too small a userbase, too many dependencies, too many possible bugs. Just not gonna happen.

Gee, how many times have we heard this in the security world and then got screwed over… :)

This is not the attitude to have for a security company.
Sure, it is just a concept right now. But hackers love to make proof-of-concepts, release that to the public, then we get hit with new security threats.

If avast wants to get/stay on top, they need to at least be aware of this and have some sort of plan.

And what’s so special about these GPU viruses? I mean, it can simply be detected by a signature or checksum, just as any other file. It doesn’t matter whether it’s meant for current CPU, for current GPU… or for a CPU ten years in the future on a different planet.

What igor said. The binary has to arrive to the system somehow. It can’t just magically appear inside graphic card memory and make magical changes to the system.

From the end of the white-paper:

The rapid evolution of general-purpose computing on graphics processors enables malware authors to take advantage of the GPU present in modern personal computers and increase the robustness of their code against existing defenses. The code armoring techniques presented in this paper—GPU-based unpacking and runtime polymorphism—not only demonstrate the feasibility of GPU-assisted malware, but also show the great potential that general-purpose computing on GPUs has in enhancing the evasiveness and functionality of malicious code. Both techniques have been implemented and tested using existing graphics hardware...

From an article on The Register regarding this topic:

“Implementing the self-unpacking functionality of a malware binary using GPU code can pose significant obstacles to current malware detection and analysis systems,” the scientists wrote in a research paper scheduled to be presented next month at the IEEE's International Conference on Malicious and Unwanted Software.

http://i33.photobucket.com/albums/d93/WhiteZero/GPUMalware.jpg

I’m not quite technically inclined enough to understand the code-level ramifications of this, but I’d suggest those of you who could should actually read the white-paper.

The topic has got a lot of press, I urge avast not to just shrug it off.

OK, polymorphic malware might be a little tricky (it always is) - but generally, it’s just another platform.

Then you just target the cryptor itself. It wouldn’t be the first time, and since no one would use it for a legit purpose, you wouldn’t get any false positives on it either. Job done.
At least in theory (since we haven’t really seen anything of such type yet).