Bios based malware

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Bios based malware

    The Chinese AV company 360 discovered a new Trojan, the BMW Virus (also called Mebromi), that can actually infect a computer's BIOS: the BMW virus, 360 Security Center's latest catch, is a high-risk virus that infects a chain of the BIOS (motherboard chip program), the MBR (master boot drive) and Windows system files; regardless of whether the victim reinstalls the system, formats the hard disk, or replaces the hard disk, the virus cannot be completely removed.
    http://thehackernews.com/2011/09/bio...y-chinese.html
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Very interesting!

    I have sort of been following this kind of thing ever since the Magistr virus of years ago. That one just tried to trash the BIOS by flashing it with garbage, but that got me thinking about the potential for a more structured and targeted attack on the BIOS and other firmware.

    This new one has got me thinking... over the past 10 years or so I have mostly used Gigabyte MoBos, mainly because they have a pretty good price/performance ratio over here. They have a feature called "DualBIOS", which is actually two independent BIOS chips on the MoBo. If the BIOS gets screwed up for whatever reason, you just restore it from the backup, which is not flashable AFAIK.

    OK, you may then have to reflash with the latest version, but at least it gets you up and running.

    I guess the "solution" is to prepare a bootable BIOS flash medium just in case, particularly if you only have one computer.

    I haven't had time to give it much thought yet but at this point I guess I would go:

    1. Remove infected HDD
    2. Slave infected HDD and clean it.
    3. Flash/restore BIOS

    I think that should work?

    I am not sure that I would expect AV providers to supply a BIOS cleaner at this stage... I think that correct detection is more important.

    What I didn't pick up is what versions of the Award BIOS are vulnerable. This could be a problem with older kit where the BIOS is not flashable with a current version. I guess it is up to OEMs to ensure that they provide legacy support, and for users to be prepared?

    I am also wondering just how specific a BIOS has to be... this particular machine has an ECS K7S5A MoBo and I flashed it with a third-party BIOS so that it would support Silverlight.

    For the more complacent amongst you:

    Just because you have AMI or a Mac doesn't mean you are invulnerable.

    @Cider:

    Do any of you AV guys incorporate, or have a tool that scans BIOS and firmware?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    1. Remove infected HDD
    2. Slave infected HDD and clean it.
    3. Flash/restore BIOS

    I think that should work?
    Yes this would work.

    @Cider: Do any of you AV guys incorporate, or have a tool that scans BIOS and firmware?
    We do have something in dev, want to play? :P
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
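    The cleanup steps above (slave the infected drive, clean it, then restore the BIOS) and the question about a firmware scanner both come down to the same check: compare what is on the disk or in the chip against a known-good baseline. The following is an added example, not code from the thread or from any AV vendor's tool: it parses the 512-byte MBR of a slaved drive, hashes the boot-code region and flags a mismatch against a baseline recorded when the machine was known clean. The sample sectors are constructed inline; on a real slaved drive the sector would be read from the raw device.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # boot code precedes the 4-byte disk signature at 0x1B8
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte sector into boot-code hash, partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        entries.append({"active": mbr[off] == 0x80, "type": mbr[off + 4],
                        "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": entries,
            "signature_ok": mbr[510:512] == MBR_SIGNATURE}

def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code, one active NTFS-type partition, valid signature."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    # partition entry 0: active (0x80), CHS fields left zero, type 0x07, start LBA 2048, 1,000,000 sectors
    sector[PART_TABLE_OFF] = 0x80
    sector[PART_TABLE_OFF + 4] = 0x07
    struct.pack_into("<II", sector, PART_TABLE_OFF + 8, 2048, 1_000_000)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)

# Constructed known-good sector and a tampered copy whose boot code was overwritten (not real loader code)
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 100)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # record this while the disk is known clean
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c" + b"\x90" * 200)

if __name__ == "__main__":
    # On a slaved drive under Linux the sector comes from open("/dev/sdb", "rb").read(512)
    print("clean:", check_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

    The same hash-against-baseline idea applies to a BIOS image dumped from the chip: hash it and compare with the vendor's image for that board, which is the cheap "correct detection" nihil asks for before anyone ships a cleaner.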

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    @Cider,

    We do have something in dev, want to play ? :P
    Yeah! Yeah! ... I am typing this on a 3/4-built machine for "Windows 2cubed"... The Windows Developer Preview version I downloaded this morning doesn't say more than what I have emboldened.

    However, this is IE 10 (Developer Preview) that I am using! I am very much into cutting edge testing as it happens.

    I would gladly contribute to the effort if I could. I do have a number of machines coming up for a virtual total refit, so I am not likely to risk much, if anything.

    Feel free to send a PM if you guys need some support...

    [I'm sure you want to know if it will work on a 386]

    Cheers,

    Johnno
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    As I'm sure you have seen: http://www.theregister.co.uk/2011/09...rity_job_cuts/

    Give me a week or two till it cools down :P
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein
