lolloj - Fotolia
I heard about a new type of malware that can infect a computer's GPU rather than its CPU, and that this malware cannot be detected and quarantined by traditional means. What is the best way, then, to find the GPU malware and mitigate this risk?
Anywhere there is firmware that can be updated, there is the possibility for implanting malware. Most antimalware tools do not check the firmware for all of the devices on a system to determine if it has been compromised. It may not even be possible to analyze the firmware on an endpoint to determine if it has been compromised.
Graham Cluley blogs about new proof-of-concept malware, from Team Jellyfish, that hides in the GPU. Currently this GPU malware only works on Linux, but it could be applied to Windows and OSX in the future. Analyzing the endpoint directly won't necessarily detect the GPU malware, but if it uses the network connection of the compromised host, this network traffic could be detected. If network traffic is detected without an identified running process, that could be an indicator of malware buried deep inside the endpoint. The initial code executed to load the malware in the GPU could be detected, as could any files stored on the file system that were used in the attack.
For enterprises with high security requirements, mitigating the risk of GPU malware might require the removal of any internal device with firmware, but most likely fully replacing the hardware will be most effective since multiple internal components could have been infected. The firmware on the device could be updated with known, good firmware to clean the malware.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Learn about the malware lifecycle and when to analyze threats.
Find out if Trojans that capture passwords can be mitigated.
Learn how to stop malware that uses bulletproof hosting sites.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve ... Continue Reading
After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick ... Continue Reading
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.