September 22nd, 2011, 10:12 AM
#1
Bios based malware
A Chinese AV company, 360, discovered a new Trojan, the “BMW Virus” (also called Mebromi), that can actually infect a computer's BIOS: “BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS (motherboard chip program), MBR (master boot drive) and Windows system files, reinstall the system, regardless of the victim computer, format the hard disk, or replace the hard disk can not completely remove the virus.”
http://thehackernews.com/2011/09/bio...y-chinese.html
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
September 23rd, 2011, 06:12 AM
#2
Very interesting!
I have sort of been following this kind of thing ever since the Magistr virus of years ago. That one just tried to trash the BIOS by flashing it with garbage, but that got me thinking about the potential for a more structured and targeted attack on the BIOS and other firmware.
This new one has got me thinking... over the past 10 years or so I have mostly used Gigabyte MoBos, mainly because they have a pretty good price/performance ratio over here. They have a feature called "DualBIOS" which is actually two independent BIOS chips on the MoBo. If the BIOS gets screwed up for whatever reason you just restore it from the backup, which is not flashable AFAIK.
OK, you may then have to reflash with the latest version, but at least it gets you up and running.
I guess the "solution" is to prepare a bootable BIOS flash medium just in case, particularly if you only have one computer.
I haven't had time to give it much thought yet but at this point I guess I would go:
1. Remove infected HDD
2. Slave infected HDD and clean it.
3. Flash/restore BIOS
I think that should work?
I am not sure that I would expect AV providers to supply a BIOS cleaner at this stage... I think that correct detection is more important.
What I didn't pick up is what versions of the Award BIOS are vulnerable. This could be a problem with older kit where the BIOS is not flashable with a current version. I guess it is up to OEMs to ensure that they provide legacy support, and for users to be prepared?
I am also wondering just how specific a BIOS has to be... this particular machine has an ECS K7S5A MoBo and I flashed it with a third-party BIOS so that it would support Silverlight.
For the more complacent amongst you:
Just because you have AMI or a Mac doesn't mean you are invulnerable.
@Cider:
Do any of you AV guys incorporate, or have a tool that scans BIOS and firmware?
-
September 23rd, 2011, 09:16 AM
#3
1. Remove infected HDD
2. Slave infected HDD and clean it.
3. Flash/restore BIOS
I think that should work?
Yes, this would work.
@Cider: Do any of you AV guys incorporate, or have a tool that scans BIOS and firmware?
We do have something in dev, want to play? :P
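The thread asks for a tool that scans BIOS and firmware, and the Trojan is described as touching both the BIOS and the MBR. The check below is an added example written for this post, not the AV tool mentioned above or anything from the thread: it parses the MBR layout, hashes the boot code separately from the partition table (so a legitimate repartition is not a finding, but rewritten boot code is), and compares a firmware dump against a baseline recorded from a known-good machine. The BIOS image, MBR bytes and baseline hashes are all constructed inline; in practice the inputs would be a flashrom dump of the BIOS chip and the first 512 bytes of the boot disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446  # boot code occupies bytes 0..445; partition table starts at 446


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_mbr(mbr: bytes) -> dict:
    # Split a 512-byte MBR into boot code, four 16-byte partition entries and the 0x55AA signature.
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, BOOT_CODE_LEN + 16 * i)
        entries.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    signature = struct.unpack_from("<H", mbr, 510)[0]
    return {"boot_code": mbr[:BOOT_CODE_LEN], "partitions": entries, "signature_ok": signature == 0xAA55}


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    # Constructed helper that assembles an MBR from boot code and (status, type, lba_start, sectors) tuples.
    mbr = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    for status, ptype, lba_start, sectors in partitions:
        mbr += struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)
    mbr += b"\x00" * (16 * (4 - len(partitions))) + b"\x55\xAA"
    return bytes(mbr)


def check_firmware(bios_image: bytes, mbr: bytes, baseline: dict) -> list:
    # Return a list of findings; an empty list means nothing deviates from the recorded baseline.
    findings = []
    if sha256(bios_image) != baseline["bios_sha256"]:
        findings.append("BIOS image differs from baseline: reflash from a trusted vendor image")
    parsed = parse_mbr(mbr)
    if not parsed["signature_ok"]:
        findings.append("MBR signature missing (expected 0x55AA)")
    if sha256(parsed["boot_code"]) != baseline["mbr_bootcode_sha256"]:
        findings.append("MBR boot code changed (partition table ignored): possible bootkit")
    return findings


# Constructed sample data standing in for a real BIOS dump and the first sector of the boot disk.
GOOD_BIOS = b"DEMO-BIOS-IMAGE-NOT-REAL" * 16
GOOD_MBR = build_mbr(b"\xEB\x3C\x90demo boot code", [(0x80, 0x07, 2048, 204800)])
BASELINE = {"bios_sha256": sha256(GOOD_BIOS), "mbr_bootcode_sha256": sha256(GOOD_MBR[:BOOT_CODE_LEN])}


def demo() -> dict:
    hooked_mbr = build_mbr(b"\xEB\x3C\x90hooked boot code", [(0x80, 0x07, 2048, 204800)])  # same table
    repartitioned = build_mbr(b"\xEB\x3C\x90demo boot code", [(0x80, 0x07, 4096, 102400)])  # same code
    return {"clean": check_firmware(GOOD_BIOS, GOOD_MBR, BASELINE),
            "hooked": check_firmware(GOOD_BIOS + b"\x00", hooked_mbr, BASELINE),
            "repartitioned": check_firmware(GOOD_BIOS, repartitioned, BASELINE)}
```

The "hooked" case reports both a modified BIOS image and modified boot code, while the repartitioned disk with untouched boot code produces no findings.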
-
September 24th, 2011, 08:23 PM
#4
-
September 28th, 2011, 02:58 PM
#5
As I'm sure you have seen: http://www.theregister.co.uk/2011/09...rity_job_cuts/
Give me a week or two till it cools down :P