Stupid malware tricks: Attacker turns off your display

I ran into a new dirty trick that’s performed by malware: change the computer’s BIOS configuration so that nothing at all appears on the display until (many minutes after the PC’s switched on) the Windows XP logo screen appears. The PC was an old HP Pavilion 6535 with a Phoenix BIOS. Something had instructed its BIOS to not use the onboard video adapter, but instead (apparently) a (non-existent, in this machine) AGP- or PCI-based video adapter. When switched on, the PC’s display would remain dark and the PC would cry out with one long pathetic beep followed by two short ones. That’s a clever hack, but I ask, "Why?".

The PC’s owner had downloaded and installed a variety of trojan horses, malware, and spyware, so it was impossible to isolate the culprit, but I suspect that it was a purported "registry optimizer".

Reset the BIOS from the keyboard
I was searching for the motherboard reset jumper and/or its CMOS settings / Real Time Clock keep-alive lithium battery, when I found a series of keystrokes on HP’s website that reset the BIOS to factory defaults. I preceded these keystrokes with F1 (to get into the BIOS setup screen) and . . . it worked!

I learned two things:

  • Malware is getting nastier;
  • Windows XP’s video drivers bypass the BIOS settings and talk directly to the hardware . . . which in this case was a good thing.
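The practical lesson from an incident like this is to keep a known-good snapshot of the BIOS settings and diff the live copy against it, rather than trying to reason about what a beep code means at 3 a.m. The following is an added example (not code from the original post, and not anything from HP or Phoenix) that does that for the legacy CMOS/RTC RAM where a Phoenix-era BIOS keeps its settings. It assumes the classic IBM AT layout (a 16-bit additive checksum over bytes 0x10 through 0x2D, stored big-endian at 0x2E and 0x2F), it assumes that on x86 Linux the nvram driver exposes CMOS bytes 14 through 127 via /dev/nvram, and the images it works on are constructed in the script; the byte at offset 0x20 that the "tampered" image flips is an arbitrary choice, because which Phoenix byte selects the primary display adapter is not documented here.

```python
"""Snapshot-and-diff check for the BIOS settings kept in CMOS/RTC RAM.

Added illustration, not code from the original post or from HP/Phoenix.
Offsets follow the classic IBM AT convention: a 16-bit checksum of bytes
0x10-0x2D, stored big-endian at 0x2E-0x2F. Which CMOS byte selects the
primary display on a Phoenix BIOS is not documented here, so the sample
"tampered" image changes an arbitrary byte (0x20) for illustration.
"""
from typing import Dict, List, Optional, Tuple

CMOS_SIZE = 128
CHECKSUM_FIRST, CHECKSUM_LAST = 0x10, 0x2D   # inclusive range, IBM AT layout
CHECKSUM_HI, CHECKSUM_LO = 0x2E, 0x2F
LINUX_NVRAM_OFFSET = 14   # assumption: /dev/nvram on x86 Linux starts at CMOS byte 14


def compute_checksum(image: bytes) -> int:
    """16-bit additive checksum over the legacy configuration area."""
    return sum(image[CHECKSUM_FIRST:CHECKSUM_LAST + 1]) & 0xFFFF


def stored_checksum(image: bytes) -> int:
    return (image[CHECKSUM_HI] << 8) | image[CHECKSUM_LO]


def checksum_ok(image: bytes) -> bool:
    return compute_checksum(image) == stored_checksum(image)


def with_checksum(image: bytes) -> bytes:
    """Return a copy with the stored checksum recomputed (what Setup does on save)."""
    buf = bytearray(image)
    cs = compute_checksum(buf)
    buf[CHECKSUM_HI], buf[CHECKSUM_LO] = cs >> 8, cs & 0xFF
    return bytes(buf)


def diff_images(baseline: bytes, current: bytes,
                ignore_checksum: bool = True) -> Dict[int, Tuple[int, int]]:
    """Map of offset -> (baseline byte, current byte) for every changed byte.

    The checksum bytes are skipped by default: Setup rewrites them on every
    save, so they change whenever any setting does and carry no extra signal.
    """
    skip = {CHECKSUM_HI, CHECKSUM_LO} if ignore_checksum else set()
    return {off: (b, c) for off, (b, c) in enumerate(zip(baseline, current))
            if b != c and off not in skip}


def read_linux_nvram(path: str = "/dev/nvram") -> Optional[bytes]:
    """Read the live CMOS image on x86 Linux (needs root); None if unavailable.

    The nvram driver exposes bytes 14..127, so the result is padded back to a
    full 128-byte image with zeros in the first 14 (clock/status) bytes.
    """
    try:
        with open(path, "rb") as fh:
            data = fh.read(CMOS_SIZE - LINUX_NVRAM_OFFSET)
    except OSError:
        return None
    return bytes(LINUX_NVRAM_OFFSET) + data.ljust(CMOS_SIZE - LINUX_NVRAM_OFFSET, b"\0")


def make_baseline() -> bytes:
    """Constructed known-good image: deterministic filler in the config area."""
    buf = bytearray(CMOS_SIZE)
    for off in range(CHECKSUM_FIRST, CHECKSUM_LAST + 1):
        buf[off] = (off * 7) & 0xFF
    return with_checksum(bytes(buf))


def tamper(image: bytes, offset: int, value: int) -> bytes:
    """Simulate a setting changed through Setup: the checksum stays valid."""
    buf = bytearray(image)
    buf[offset] = value & 0xFF
    return with_checksum(bytes(buf))


def report(baseline: bytes, current: bytes) -> List[str]:
    """Human-readable summary: checksum state, then every changed setting byte."""
    lines = [f"checksum {'OK' if checksum_ok(current) else 'BAD'} "
             f"(stored {stored_checksum(current):#06x}, "
             f"computed {compute_checksum(current):#06x})"]
    for off, (old, new) in sorted(diff_images(baseline, current).items()):
        lines.append(f"offset {off:#04x}: {old:#04x} -> {new:#04x}")
    return lines


if __name__ == "__main__":
    good = make_baseline()                # constructed known-good snapshot
    bad = tamper(good, 0x20, 0x00)        # one setting changed, checksum fixed up
    print("\n".join(report(good, bad)))
```

Two things the example is built to show: a valid checksum is not evidence of anything, because whoever changes a setting through the Setup interface (or writes the bytes directly and fixes up 0x2E-0x2F) leaves it consistent, so the diff against a baseline taken when the machine was known-good is the only part that actually detects the change; and the baseline has to live off the machine, since anything able to rewrite CMOS can also rewrite a file on the same disk.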

Have a read and listen through the security blogs and podcasts on my website. Recently I heard one antivirus vendor (Trend Micro?) claim that they see thousands of new viruses / spywares / etc. each week.
