You thought you had your hands full with spam and your garden-variety software viruses, eh? Well, hang on to your seat: A new type of threat is just now being tinkered with in research labs. Called "malicious circuits," the new potential threat involves designing (or surreptitiously redesigning) microchips that can perform evil deeds without having to rely on software being installed on a computer.

If it sounds theoretical and far-fetched, think again: It's already possible, and it's been proven on a microchip called Leon3. Leon3 is an open-source chip design containing 1.7 million circuits. Because it's open source, anyone with the knowhow and the inclination can contribute to the design of the chip. As a proof of concept, researchers at the University of Illinois at Urbana Champaign took the chip design and modified it through the addition of just 1,341 logic gates, a pittance compared to the overall size of the chip. Those changes give an attacker three ways to compromise the system, including a backdoor that would give anyone with the knowledge of the hack complete access to the system and another that would allow theft of any password as it's typed on the machine.

The really scary thing is that, since the attack lives in hardware, not software, it's virtually impossible to detect. For example, antivirus software can only scan your computer for active processes that are outside the realm of normal operation. But a malicious circuit requires no software, existing at such a low level as to make defense against it far more difficult. It's the computer equivalent of a double agent who's been living in deep cover for 20 years.

Because the knowledge and effort involved in such an attack is so extreme vs. that of a software-based attack, malicious circuits aren't likely to be a major threat for the average user, but the potential danger here is real. All it would take is for one designer to target a popular chip design, then lay low as it's shipped into the industry. Imagine what might happen if an Intel CPU was compromised. Highly unlikely, sure, but devastating if it ever came to pass.