I heard about a new type of malware that can infect a computer's GPU rather than its CPU, and that this malware...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
cannot be detected and quarantined by traditional means. What is the best way, then, to find the GPU malware and mitigate this risk?
Anywhere there is firmware that can be updated, there is the possibility for implanting malware. Most antimalware tools do not check the firmware for all of the devices on a system to determine if it has been compromised. It may not even be possible to analyze the firmware on an endpoint to determine if it has been compromised.
Graham Cluley blogs about new proof-of-concept malware, from Team Jellyfish, that hides in the GPU. Currently this GPU malware only works on Linux, but it could be applied to Windows and OSX in the future. Analyzing the endpoint directly won't necessarily detect the GPU malware, but if it uses the network connection of the compromised host, this network traffic could be detected. If network traffic is detected without an identified running process, that could be an indicator of malware buried deep inside the endpoint. The initial code executed to load the malware in the GPU could be detected, as could any files stored on the file system that were used in the attack.
For enterprises with high security requirements, mitigating the risk of GPU malware might require the removal of any internal device with firmware, but most likely fully replacing the hardware will be most effective since multiple internal components could have been infected. The firmware on the device could be updated with known, good firmware to clean the malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn about the malware lifecycle and when to analyze threats.
Find out if Trojans that capture passwords can be mitigated.
Learn how to stop malware that uses bulletproof hosting sites.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.