Sysinternals Forum: Windows Discussions > Malware

Gpu based paravirtualization rootkit, all os vulne

JackMove
Joined: 14 February 2017
Points: 2
Posted: 20 February 2017 at 8:22pm
Good point. I have a lot of notes on paravirtualization as well, but nothing compelling yet.

Some other key points I wanted to mention:

I don't know exactly what or how, but I'd bet my bottom dollar that how the system is communicating with the display has something to do with how air-gapped machines are being breached. I've noticed that if I boot with no display connected, then wait a while and connect one, it seems that the system begins waiting for a display and then continues booting right after the initial OS loading screen. It immediately continues the boot-up process from that point when a display is connected.

Also, I've noticed something peculiar about colour profiles that I haven't seen addressed anywhere. Now this is particularly tin-hattish, I know, but just one look at the colour profile files on any of my systems and anyone who has had even a little experience with networking would probably notice that the numerical values found in there look an awful lot like IP addresses. There are usually four digit, comma-separated numbers and none of them ever go over 255 (but they regularly go right up to it, as is common with IPv4 addresses). Sometimes I find them separated by another number sequence that looks exactly like geo coordinates. The ones I looked up (which were only 2 or 3) were in Russia. But when looking up the IP addresses (or what I believe are IP addresses) I discovered that about 30% of them belong to the Department of Defense. The UK's Ministry of Defence was another, and of course some anonymous addresses for which I couldn't track down an associated responsible party.

If I'm missing something obvious that explains the above please let me know. I know this is a pretty wild theory but just in case I'm right I thought I should mention it somewhere.

It would explain why color profiles are so explicitly laid out in seemingly every OS when most people will probably never even consider them. If anyone is looking for less conjecture and more real evidence, I have endless screenshots highlighting just about everything you could imagine so just ask.

Edited by JackMove - 20 February 2017 at 8:24pm