I heard about a new type of malware that can infect a computer's GPU rather than its CPU, and that this malware...
cannot be detected and quarantined by traditional means. What is the best way, then, to find the GPU malware and mitigate this risk?
Anywhere there is firmware that can be updated, there is the possibility for implanting malware. Most antimalware tools do not check the firmware for all of the devices on a system to determine if it has been compromised. It may not even be possible to analyze the firmware on an endpoint to determine if it has been compromised.
Graham Cluley blogs about new proof-of-concept malware, from Team Jellyfish, that hides in the GPU. Currently this GPU malware only works on Linux, but it could be applied to Windows and OSX in the future. Analyzing the endpoint directly won't necessarily detect the GPU malware, but if it uses the network connection of the compromised host, this network traffic could be detected. If network traffic is detected without an identified running process, that could be an indicator of malware buried deep inside the endpoint. The initial code executed to load the malware in the GPU could be detected, as could any files stored on the file system that were used in the attack.
For enterprises with high security requirements, mitigating the risk of GPU malware might require the removal of any internal device with firmware, but most likely fully replacing the hardware will be most effective since multiple internal components could have been infected. The firmware on the device could be updated with known, good firmware to clean the malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn about the malware lifecycle and when to analyze threats.
Find out if Trojans that capture passwords can be mitigated.
Learn how to stop malware that uses bulletproof hosting sites.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their ... Continue Reading
Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be ... Continue Reading
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.