Bios Virus

Thread: Bios Virus

  1. #1
    Member
    Join Date
    Mar 2003
    Posts
    30

    Bios Virus

    Hello everyone,

    I just started this topic in a reply to a post I started but I also wanted to put it here so some people who have more knowledge of viruses can respond.


    Here is the question:

    You can update bios through a program run from a floppy disk,
    WHY can a virus not do the same?

    If anyone could explain to me how a virus cannot change/alter/erase bios I would love to know, so I can put this nagging little question out of my head.

    Thanx
    Free Speech is nothing but a giant noose. If you are dumb enough to stick your neck into it, then you had better be prepared for someone else to choke your mouth shut.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    That would be pretty tough...

    A BIOS update has to be done by a program that flashes the BIOS.
    This happens before any memory or hard disk is accessed.

    Since the memory dumps everything after it loses power... there is no way for a virus to infect the BIOS.

    Another thing would be... how would a virus writer know which BIOS version a user is running, and which program that they have to use to flash the BIOS and then how to get the user to put the virus on the disk, and infect themselves.

    So... I think the first place a virus writer would have an opportunity to infect would be the MBR (master boot record). Which can be easily fixed by a fdisk /MBR
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
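The master boot record mentioned in post #2 has a fixed 512-byte layout, so a defender can compare its boot code against a known-good copy before resorting to a rewrite. The following is an added example, not part of the thread; the helper names and the sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0-439: boot code; 440-445: optional disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must hold 0x55 0xAA


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the executable part of the MBR only."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the boot code matches."""
    if len(sector) != SECTOR_SIZE:
        return ["short read: not a full 512-byte sector"]
    findings = []
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    # The first byte of each partition entry is the active flag (0x80).
    active = [i for i in range(4)
              if sector[PART_TABLE_OFF + 16 * i] == 0x80]
    if len(active) > 1:
        findings.append("more than one partition marked active")
    return findings


def make_sector(code: bytes, active_flags=(0x80, 0, 0, 0)) -> bytes:
    """Build a constructed sample sector (not a real boot loader)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    for i, flag in enumerate(active_flags):
        sector[PART_TABLE_OFF + 16 * i] = flag
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a baseline, a repartitioned disk, a changed boot code.
CLEAN = make_sector(b"\xfa\x33\xc0\x8e\xd0")
REPARTITIONED = make_sector(b"\xfa\x33\xc0\x8e\xd0", active_flags=(0, 0x80, 0, 0))
MODIFIED = make_sector(b"\xe9\x00\x01\x90\x90")
BASELINE = boot_code_digest(CLEAN)
```

Hashing only the boot code means a legitimate change to the partition table does not raise a finding, while any change to the code that runs at boot does.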

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    I read this a few times... and thought about it for a minute, and a virus attacking the BIOS sounded really familiar.... Then I remembered why... Now this is a little dated but it proves it can happen...

    I'm sure everyone remembers CIH. Well one of the points of that virus was that it could kill your BIOS if you had a Flashable BIOS on the original Pentiums..... It happened to a friend of mine and it wasn't pretty... ended up costing him a new motherboard....

    This page doesn't give detailed information on how it works, but it gives you some details on CIH and what exactly it did.... I'm sure googling for CIH +BIOS or BIOS +Virus will give you more results and a little more detail. Anyways.. here's the page:
    http://www.stiller.com/cih.htm

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    HTRegz:

    Wow. I had no idea that that would be possible... crazy.

    I'm going to have to do a little more research on this one... you've got me pondering....

  5. #5
    Member
    Join Date
    Mar 2003
    Posts
    30

    Thank you Phish

    I'm glad you responded to this Phish as you seem to be one of the bright bulbs around here,
    OK, that's enough kissing your kilt, I'm gonna get to the point now,

    All of your points are valid, but I have never heard discussions over "bios Security" and that alone makes it in my mind an open playground for hackers. What I mean is that by everyone assuming that bios is 99.9% secure, no one thinks to really dig into ways that it could be attacked. Knowing what I know about hackers (which is very little) I have to think that any hacker/virus writer would probe bios for every little exploit possible. As you said before it would be really hard but is it impossible?

    If someone was to write a virus for bios that could cause damage, how would you know it's a virus? Are there virus scanners for bios? No. Is there an auto protect feature in NAV2003 for bios protection? No. Pretty much if a hacker nailed bios there would be no way to tell that it was hacked. If you destroyed bios there is no fingerprint left behind.

    This may sound WAY outta left field but for the sake of keeping this post going tell me if this could happen...

    A virus is written that alters windows power management. When you shut your computer down, the virus alters the closing of windows to tell the power supply (yes I know power supplies are stupid boxes that do not accept commands from windows, but the motherboard is not) to maintain power to the RAM. Enough to keep whatever was last there, still there.

    Now this is a COMPLETE theory but I would like to know if it holds any water At all. BTW sorry for the crummy spelling

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    blunuke420:

    If you are concerned about a file (virus) affecting your bios.. the best thing to do is pull your case open and find the BIOS Write-Protect Jumper... As long as your BIOS is Write-Protected.. nothing is going to change it. It's like Write-Protecting a disk.. you can't put any files on it..


    As for BIOS Security.. that's usually when someone has physical access to the machine. You don't want the users in your company accessing the BIOS and changing the boot order from C,A to A,C.. Then they could boot whatever they wanted off a floppy and go wild with it.

  7. #7
    Member
    Join Date
    Mar 2003
    Posts
    30
    So if your bios is write protected at the jumper there is NO way for it to be altered, even with a flash program?

  8. #8
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Nope... can't be done....

    That's why the instructions when flashing your BIOS will say make sure the jumper is removed.... or on.. depending on your MoBo setup

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    > I'm glad you responded to this Phish as you seem to be one of the bright bulbs around here,
    > OK, that's enough kissing your kilt, I'm gonna get to the point now,

    Thanks... but as HTRegz pointed out...

    > Well one of the points of that virus was that it could kill your BIOS if you had a Flashable BIOS on the original Pentiums..... It happened to a friend of mine and it wasn't pretty... ended up costing him a new motherboard.... http://www.stiller.com/cih.htm

    We went over that in an OS class I took... and my professor said that it wasn't possible... but who said professors are always correct? They are human just like you and I...

  10. #10
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    I remember the CIH cost me a mobo (I had a PII 300 at that time)
    Well I did like the fact that my new mobo DID have a jumper for flashing and also it had faster mem support..

    I think for those MOBO's you could even flash the BIOS with your own stuff..
    and even for some newer mobo's..

    the only trouble is: every mobo has a different bios (for the biggest part they are the same but still)..
    so the virus would be asus or msi only.. if you catch my drift here..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
