Of course the idea is not new - neither is hacking or phreaking, neither is a virus with an April 1 time bomb deadline, neither is DDoS...
what makes this particularly nasty is that they have gotten sophisticated enough that they can actually *hide* from prying eyes of rootkit removal tools and traditional AV and AM software - and moreover, a BIOS PW is not necessarily going to protect you these days - I have performed a couple of BIOS upgrades where the settings were retained, including the PW. Setting a BIOS PW would help - if you go into your BIOS often enough and the PW gets compromised (as in removed). However, setting a System startup PW would be better - except, of course, for those that leave their machines on for months at a time, or performing only soft resets that do not activate the System PW.
The point is that malware is getting more and more sophisticated - as our hardware, software, everything else is as well. You have to be on your guard and start learning about prevention now or else you're more than likely going to end up being a victim to some sort of malware somewhere.