Virus attacks on PGP
Ian Whalley
ian at virusbtn.com
Tue Nov 21 11:07:56 PST 1995
>>Could a virus write to a write-protected disk? I'm not sure if the
>>protection is done in the BIOS or the drive hardware.
>In the drive hardware.
In certain rare cases, drive hardware fails in such a way to allow
write access to write-protected diskettes - I have one such machine
here. This appears to happen more often in 5.25" drives - perhaps
this is simply because most of the ones I come in contact with are
older than the 3.5" ones.
This is not a suitable viral attack, however, least of all against
a specific target like PGP. However, viruses attacking specific
programs are well-known, both in concept and actuality - take
AntiEXE, which will corrupt certain sector reads if the sector
starts with a given byte pattern. In a similar way it would be possible
to attack PGP, at least on DOS platforms. However, it would be
dependent upon compiler used/version of PGP/etc etc, and only
work in a few cases.
More likely is something which waits to see when a certain program
is run (let's say PGP :-)), and records keystrokes (keyphrase,
anyone?). Then it takes a copy of the secret key file along with
the keyphrase, and is able to do whatever it likes with them.
Slightly off-topic, for which I apologise, but there we go.
I.
---------------------------------------------------------------------
| Ian Whalley, Editor, | Phone/Fax : +44-1235-555139/531889 |
| Virus Bulletin, | DDI : +44-1235-544039 |
| 21 The Quadrant, |------------------------------------------|
| Abingdon Science Park, | PGP key : 2A 02 96 E5 5D 77 4C 8D |
| Oxon, OX14 3YS, UK. | fingerprint : EB 22 14 6F E0 3B A0 D3 |
---------------------------------------------------------------------
More information about the cypherpunks-legacy
mailing list