Results 1 to 4 of 4

Thread: Article: Rootkits possibly heading to BIOS

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    Article: Rootkits possibly heading to BIOS

    Yay! Because we didn't have enough to do...

    From SecurityFocus

    Linkie: http://www.securityfocus.com/news/11372

    Story lead-in:
    Researchers: Rootkits headed for BIOS
    Robert Lemos, SecurityFocus 2006-01-26

    ARLINGTON, Virginia -- Insider attacks and industrial espionage could become more stealthy by hiding malicious code in the core system functions available in a motherboard's flash memory, researchers said on Wednesday at the Black Hat Federal conference.
    Also another quote from the article that SecurityFocus also highlighted:
    "It is going to be about one month before malware comes out to take advantage of this," said Greg Hoglund, a rootkit expert and CEO of reverse engineering firm HBGary. "This is so easy to do. You have widely available tools, free compilers for the ACPI language, and high-level languages to write the code in."
    And yet another quote - in regards to the one of the vectors of attack:
    However, an insider attacker could flash their laptop before they leave a company and then use the rootkit, which would survive reinstallation of the operating system. The insider could then gain access to the corporate network at a later time.
    Also a link to the Black Hat Federal Conference - information on who gave the speech, John Heasman, NGSSoftware:
    http://www.blackhat.com/html/bh-fede...s.html#Heasman
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    101
    not really that new of an idea.

    link to an old virus that would flash your bios
    http://www.geocities.com/SiliconVall.../3652/cih.html

    example of how you would flash the bios on a machine remotely
    http://www.liniac.upenn.edu/software...ash-HOWTO.html

    The reason this is hitting the news now is because people at home now have the access to the programs that make witting your own bios not easy but easier. I would think that people running an entire seperate operating system in the memory of your top notch gaming video card would be scarier. ( i have a friend that is working on that)
    chown -r us ./bases

  3. #3
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    not really that new of an idea.
    Well - it was new to me - and I'm sure at least a few others. Still good to know that and as you stated:

    The reason this is hitting the news now is because people at home now have the access to the programs that make witting your own bios not easy but easier.
    If you have lead-ins for newer security threats- I know I would like to get the links or information!
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  4. #4
    There were a couple technical details in the article that didn't seem quite right. I do think that the point of the laptop being the more vulnerable is probably likely. The desktop system can be flashed at any time, normally, unless there is a supervisor password enabled on the BIOS. If that is in place, the flash usually fails. Even then, the desktop BIOS may not contain the power management features and capabilities that a laptop BIOS might, and the "BIOS rootkit" may not function in it. I may be wrong here.

    Anyway, the potential there. However, the practical implementation may be pretty difficult. If we all used the same BIOS, I could see the implementation being a slam dunk, so to speak. However, when there are any number of brands and variations of each brand. Building a BIOS rootkit that will attack and successfully flash disparate computer systems may turn out to be extremely difficult.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •