PCI Cards the Next Haven for Rootkits?
According to this SecurityFocus.com article, a security researcher named John Heasman came up with a way to hide malicious code on PCI cards that use expansion memory to accomplish their functions. Unfortunately, this technique would let the code persist on an infected computer even after a full OS re-installation.
The paper (PDF), published on Wednesday, builds on the work presented by Heasman earlier this year, describing ways to use the Advanced Configuration and Power Interface (ACPI) functions available on almost all motherboards to store and run a rootkit that could survive a reboot. The current paper outlines ways to use the expansion memory available on Peripheral Component Interconnect (PCI) cards, such as graphics cards and network cards.
Even if such techniques will probably not become commonplace anytime soon, the fact that someone thought of a way to do this is frightening nonetheless.
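As an added example (not taken from Heasman's paper or the SecurityFocus article), one defensive check against this kind of persistence is to hash every image in a card's expansion ROM dump and compare the hashes with a known-good baseline. The function names, the baseline set and the sample ROM bytes are assumptions constructed for illustration; the header layout (0x55AA signature, "PCIR" data structure) is the standard PCI expansion ROM format.

```python
import hashlib
import struct

def parse_rom_images(rom: bytes) -> list:
    """Walk the image chain of a PCI expansion ROM dump, hashing each image."""
    images, off = [], 0
    while True:
        if len(rom) < off + 0x1A or rom[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 0x55AA ROM signature at offset {off:#x}")
        # Header offset 0x18 holds a pointer to the "PCIR" data structure.
        pcir = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if pcir + 0x18 > len(rom) or rom[pcir:pcir + 4] != b"PCIR":
            raise ValueError(f"no PCIR structure for image at {off:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        size = struct.unpack_from("<H", rom, pcir + 0x10)[0] * 512
        code_type, indicator = rom[pcir + 0x14], rom[pcir + 0x15]
        if size == 0 or off + size > len(rom):
            raise ValueError(f"image at {off:#x} claims invalid length {size}")
        images.append({"offset": off, "vendor": vendor, "device": device,
                       "code_type": code_type, "size": size,
                       "sha256": hashlib.sha256(rom[off:off + size]).hexdigest()})
        if indicator & 0x80:          # bit 7 set: last image in the ROM
            return images
        off += size

def unexpected_images(images: list, baseline: set) -> list:
    """Return the images whose hash is not in the trusted baseline set."""
    return [img for img in images if img["sha256"] not in baseline]

def constructed_image(vendor, device, code_type, last, payload=b""):
    """Build a 512-byte sample image (constructed test data, not a real ROM)."""
    img = bytearray(512)
    img[0:2] = b"\x55\xaa"
    struct.pack_into("<H", img, 0x18, 0x1C)            # PCIR placed at 0x1C
    struct.pack_into("<4sHH", img, 0x1C, b"PCIR", vendor, device)
    struct.pack_into("<H", img, 0x1C + 0x10, 1)        # length: 1 x 512 bytes
    img[0x1C + 0x14] = code_type                       # 0 = x86 BIOS, 3 = EFI
    img[0x1C + 0x15] = 0x80 if last else 0x00
    img[0x40:0x40 + len(payload)] = payload
    return bytes(img)

if __name__ == "__main__":
    good = constructed_image(0x1234, 0x5678, 0, False) + constructed_image(0x1234, 0x5678, 3, True)
    baseline = {img["sha256"] for img in parse_rom_images(good)}
    changed = good[:512] + constructed_image(0x1234, 0x5678, 3, True, b"extra")
    for img in unexpected_images(parse_rom_images(changed), baseline):
        print(f"image at {img['offset']:#x} differs from baseline: {img['sha256']}")
```

On Linux a dump can be read from the device's `rom` attribute under `/sys/bus/pci/devices/` after writing `1` to it as root. The baseline only means something if it was recorded from a known-good card or from the vendor's firmware image.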