jjoshua@topaz.rutgers.edu (Jonathan Joshua) (02/05/88)
New from a hacker near you! This new virus not only trashes your disks but flames your hardware!

There have been 2 topics on the net recently. The first is the discussion about viruses. The other is the discussion about using fansi console with burndev.sys. It seems that using fansi and burndev.sys can damage your hardware. From what I understand, it has to do with standing waves. Anyone want to explain further?

Anyway, if someone were to figure out how exactly the two different programs can fry your hardware, a virus could be written to do the same thing. Anyone running this virus could unexplainably suffer a crash that would be costly to fix. This virus would of course spread to other disks, causing the same effect on other computers.

If your disk gets trashed by a virus program, the chances of recovering are good as long as you normally back up your data. With this new type of attack against your computer, the only repair might have to be made by a qualified technician.

Any responses to this? I would especially like to hear from the technical people to find out if this virus could be implemented. As a person with limited financial means (I am a student) a virus like this one could be very bad. A herc board might only be $75.00, but that is $75.00 too much for me.
jamesa@amadeus.TEK.COM (James Akiyama) (02/06/88)
Jonathan Joshua asks whether it is possible to damage hardware thru a software "Trojan". First I was hesitant to reply since this information may actually cause more Trojans to appear. But I also feel it is important that others know so they can be aware of the dangers and threats posed by "Trojan Horses" and "Viruses".

It is possible to damage certain IBM PC hardware configurations thru software. The original IBM monochrome monitor (not sure about current ones) depended entirely on the monochrome (or compatible) card to provide the sync signals. Although the monitor did blank if a sync signal was missing (to prevent damage if the monitor cable became disconnected) it did not detect an improper sync frequency. Incorrect frequencies would cause part of the sync circuitry inside the monitor to overheat. This was common with older "screen save utilities" since these utilities re-program the video controller chip (6845).

Note that IBM and others (e.g. Hercules, etc) recommend that software which re-programs the 6845 controller chip NOT RELY ON PREVIOUS STATES OF THE 6845 REGISTERS and highly recommend RE-PROGRAMMING ALL OF THE REGISTERS. This is to prevent damage to certain monitors. Also it is imperative that when you do re-program the video controller, you know exactly what you're doing. Note that several "clone" monitors do incorporate better sync circuitries which prevent this from happening. Also, I do not believe this is a problem with the CGA, EGA, or VGA monitors.

Note that this is not intended to be a flame at IBM--they made a cost conscious decision when designing the monitor and probably did not intend others to bypass BIOS calls or to provide alternate monitor adapter cards (e.g. Hercules). Remember that this monitor/card combination was designed when IBM was not even sure how well the PC would do--their competition being the Apple II and CPM based systems.

This problem (as well as direct writes to the WD1010 fixed disk controller registers) is why many so called "Anti-Trojan Horse" programs fail. The only sure way to prevent such attacks is to provide physical hardware to prevent direct access to these ports. Note that such hardware would probably prevent many commercial software packages from working (those which write directly to hardware).

Another method (which is not quite as secure) is to implement "pseudo-registers" in the 80286 (80386) "protected-mode". Basically, one would protect the I/O registers, which would cause an exception trap when any software attempted direct I/O access. The operating system would then examine the access and restart the program if the access was deemed unharmful. Note that this would be a major software undertaking since you would have to write a protected version of the BIOS, implement the "pseudo-register" code, and handle the peculiarities of the 80286 (80386) protected-mode.

To prevent damage to your monitor, one could probably build a small circuit which connects inline with the monitor cable to the adapter card. This circuit would then limit the sync frequency to the limits acceptable to the particular monitor (different for IBM's monochrome, CGA, EGA, and VGA monitors).

Hope this helps.

James E. Akiyama
Tektronix, Inc.
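
The "pseudo-register" check described in the reply above, sketched as an added example that is not part of either original post: the decision function a protected-mode I/O trap handler could call for each trapped write to the 6845 ports, allowing the write only if the resulting horizontal sync rate stays near the monochrome monitor's nominal rate. The port numbers, dot clock and line rate are the standard MDA figures rather than values from the thread; the tolerance window and all function and struct names are assumptions, and only register R0 is policed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CRTC_INDEX 0x3B4              /* 6845 index port on MDA/Hercules cards */
#define CRTC_DATA  0x3B5              /* 6845 data port */
#define CHAR_CLOCK_HZ (16257000L / 9) /* MDA dot clock / 9-dot character cell */
#define HSYNC_NOMINAL_HZ 18432L       /* IBM monochrome display line rate */
#define HSYNC_TOLERANCE_HZ 500L       /* assumed safe window, not from the post */

/* State kept by the (hypothetical) I/O trap handler. */
struct crtc_filter {
    uint8_t index;   /* register selected by the last index-port write */
    uint8_t h_total; /* last accepted R0 value */
};

void crtc_filter_init(struct crtc_filter *f) {
    f->index = 0;
    f->h_total = 0x61; /* standard 80x25 MDA text mode: 98 character times */
}

/* Line frequency produced by a given R0 (horizontal total minus one). */
long hsync_hz(uint8_t r0) {
    return CHAR_CLOCK_HZ / ((long)r0 + 1);
}

/* Called per trapped OUT; true = replay the write to hardware, false = suppress. */
bool crtc_filter_out(struct crtc_filter *f, uint16_t port, uint8_t value) {
    if (port == CRTC_INDEX) {
        f->index = value & 0x1F; /* the 6845 address register is 5 bits */
        return true;
    }
    if (port != CRTC_DATA || f->index != 0)
        return true; /* this example polices only R0 */
    long hz = hsync_hz(value);
    if (hz < HSYNC_NOMINAL_HZ - HSYNC_TOLERANCE_HZ ||
        hz > HSYNC_NOMINAL_HZ + HSYNC_TOLERANCE_HZ)
        return false; /* out-of-range line rate: block, keep old state */
    f->h_total = value;
    return true;
}

int main(void) {
    struct crtc_filter f;
    crtc_filter_init(&f);
    crtc_filter_out(&f, CRTC_INDEX, 0);
    printf("R0=0x61 allowed: %d\n", crtc_filter_out(&f, CRTC_DATA, 0x61));
    printf("R0=0x50 allowed: %d\n", crtc_filter_out(&f, CRTC_DATA, 0x50));
    return 0;
}
```

A full filter would apply the same kind of check to the vertical timing registers and to every other port the trap covers.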