Researchers Find Malware hiding in DMA on Graphics & Network Cards

Researchers in Germany have found a way to detect hidden malware that conventional antivirus software cannot detect. This variant of malware is called DMA malware because it resides in the Direct Memory Access (DMA) region of system memory. The researchers have developed a proof of concept for detecting this malware variant. Malware operating in the DMA of a computer has both high-level access to the system and the ability to operate without detection.

The researchers have released a paper, which can be found on ResearchGate at:
http://www.researchgate.net/publication/244484148_A_Primitive_for_Revealing_Stealthy_Peripheral-Based_Attacks_on_the_Computing_Platform%27s_Main_Memory

Two similar papers have been released on this subject:

What if you can’t trust your network card? by Loïc Duflot, Yves-Alexis Perez, and Benjamin Morin of the French Network and Information Security Agency
(http://www.ssi.gouv.fr/IMG/pdf/paper.pdf)

and

VIPER: Verifying the Integrity of PERipherals’ Firmware by Yanlin Li, Jonathan M. McCune, and Adrian Perrig of CyLab, Carnegie Mellon University
(http://users.ece.cmu.edu/~jmmccune/papers/LiMcPe2011.pdf)

Here is a YouTube video of the detector in action exfiltrating passwords

Post by Protocol 46