Windows 7 Forums


Windows 7: Security researcher says new malware can affect your BIOS

08 Nov 2013   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Security researcher says new malware can affect your BIOS

Security researcher says new malware can affect your BIOS; communicate over the air

Quote:
A noted security researcher says he has found a new type of malware that can affect some of the lowest levels of your machine.

No, I'm not talking about Wi-Fi downloads, but input signals converted into code by your laptop's microphone. The new malware is dubbed badBIOS by Dragos Ruiu, the security researcher who says he uncovered it.

Ruiu recently told Ars Technica that he's been tracking down badBIOS for the past three years. Since badBIOS is reportedly a crafty piece of code, all he has right now is a working theory about how the malware works.

Malware that starts by attacking the BIOS isn't unheard of, but most bits of bad code typically attack weaknesses in standard targets that live inside the operating system, such as Adobe Reader or a Java browser plugin.

BIOS malware could be more effective since it's harder to track down, and fixing it is beyond the capabilities of the majority of PC users.

But what really sets badBIOS apart is that it is supposedly capable of resisting erasure if someone reinstalls (known as flashing) the BIOS firmware. BadBIOS is also platform-independent, which means it can infect and work across a wide array of PC operating systems that include Windows, OS X, Linux, and BSD, according to Ruiu.

Updated 11/1/2013 at 5:15 p.m. PDT - This story was updated to reflect that the current theory says badBIOS malware communicates over high-frequency signals, but infections happen only via USB sticks.
Security researcher says new malware can affect your BIOS; communicate over the air | PCWorld



08 Nov 2013   #2

Windows 7 Enterprise x64
 
 

Very interesting method of infection. Thanks for the post.
08 Nov 2013   #3
mjf

Windows 7x64 Home Premium SP1
 
 

I would think infection of the MBR boot code could be more risky. I'm not sure which anti malware software (if any) checks this.


08 Nov 2013   #4

Windows 8.1 Pro x64
 
 

This is complete bogus crap. Sound hardware has nothing to do with BIOS nor the CPU, every motherboard uses a completely different sound system and chip.

Thirdly you would notice right away if something tried to modify the BIOS, in Windows you need special privileges and UAC approval not to mention the manufacturer's own tools to modify those parts of the lower hardware level and on Linux/BSD you need to be root and have the supporting software installed, not to mention that every BIOS is different. If you flashed a random BIOS to a random motherboard, it would not boot.

Here's why this is nonsense:
http://www.rootwyrm.com/2013/11/the-...ysis-is-wrong/
08 Nov 2013   #5
mjf

Windows 7x64 Home Premium SP1
 
 

BIOS modification would probably need to be done at the source of your PC. However, the BIOS in an MBR boot hands over to MBR boot code before the OS kicks in and this lives on your HDD/SSD. One inserted (assembly) jump command could spell disaster IMO. Hence my question does the likes of Malwarebytes check your MBR boot code?
11 Nov 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64
 
 

Isn't the jmp Assembly instruction like the continue keyword in C/C++? An attacker could easily use the jmp instruction to bypass straight to their malicious code.
12 Nov 2013   #7

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Anti-Rootkit Scan?

Quote: Originally Posted by mjf
BIOS modification would probably need to be done at the source of your PC. However, the BIOS in an MBR boot hands over to MBR boot code before the OS kicks in and this lives on your HDD/SSD. One inserted (assembly) jump command could spell disaster IMO. Hence my question does the likes of Malwarebytes check your MBR boot code?
Shouldn't the anti-Rootkit scan check that?
13 Nov 2013   #8

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

Quote: Originally Posted by yowanvista
This is complete bogus crap. Sound hardware has nothing to do with BIOS nor the CPU, every motherboard uses a completely different sound system and chip.

Thirdly you would notice right away if something tried to modify the BIOS, in Windows you need special privileges and UAC approval not to mention the manufacturer's own tools to modify those parts of the lower hardware level and on Linux/BSD you need to be root and have the supporting software installed, not to mention that every BIOS is different. If you flashed a random BIOS to a random motherboard, it would not boot.

Here's why this is nonsense:
The badBIOS Analysis Is Wrong. at RootWyrm's Corner
Thanks for the link that debunks the badBIOS, quote from your link:
Quote:
So what do I think? I think that A) a number of security experts flapping their gums are good at security and know nothing about how hardware works and B) it's absolutely not a BIOS/Firmware level piece of malware. There are far, far too many blatant and obvious detection points. There is no way it could hop from Apple to PC, or even PC to PC or Macbook 2013 to Macbook 2011. (Forget Macbook to Mac Pro.)
13 Nov 2013   #9

Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 17 MATE (64 bit)
 
 
Skip UAC

As far as I'm concerned, it is a bad idea to be able to update the BIOS from inside the OS.

It is possible to bypass/disable the UAC warning on operations.
CCleaner does it.
[Attached image: uac-ccleaner-skip.png]


14 Nov 2013   #10

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Quote: Originally Posted by mjf
BIOS modification would probably need to be done at the source of your PC. However, the BIOS in an MBR boot hands over to MBR boot code before the OS kicks in and this lives on your HDD/SSD. One inserted (assembly) jump command could spell disaster IMO. Hence my question does the likes of Malwarebytes check your MBR boot code?
The regular Malwarebytes does not, but the Malwarebytes Anti Rootkit (MBAR) does

Meet Malwarebytes Anti-Rootkit | Malwarebytes Unpacked

The Avast aswMBR might be something to look at

aswMBR

Or the GMER MBR rootkit detector

mbr.exe

To be sure, I believe you'd have to scan with a bootable CD, outside of Windows.

A Guy
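
Added example (not part of any post in this thread, and not how MBAR, aswMBR or GMER work internally): a minimal offline integrity check for the MBR boot code the thread asks about. It splits a raw 512-byte sector 0 into boot code, partition table and signature, then compares the boot-code hash with a baseline recorded earlier for the same disk. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446            # bytes 0..445: boot code (Windows keeps a disk signature at 440..443)
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

def inspect_mbr(sector: bytes) -> dict:
    """Hash the boot-code area of a raw sector 0 and list its partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):                                  # four 16-byte entries at 446..509
        entry = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                               # type 0 = unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code no longer matches a hash recorded earlier for this disk."""
    return inspect_mbr(sector)["boot_code_sha256"] != baseline_sha256

def constructed_mbr(code_prefix: bytes) -> bytes:
    """Build a synthetic sector 0 (constructed sample, not taken from a real disk)."""
    code = code_prefix.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE

if __name__ == "__main__":
    known_good = constructed_mbr(b"\x33\xc0\x8e\xd0")
    baseline = inspect_mbr(known_good)["boot_code_sha256"]
    altered = constructed_mbr(b"\xeb\x3c\x90\xd0")      # constructed: leading bytes differ
    for name, sector in (("known_good", known_good), ("altered", altered)):
        info = inspect_mbr(sector)
        print(name, info["signature_ok"], info["partitions"],
              "CHANGED" if boot_code_changed(sector, baseline) else "matches baseline")
```

For a real check, feed it the first 512 bytes of a disk image captured while booted from separate media, in line with the bootable-CD suggestion above, since a rootkit running inside the OS can return a clean-looking sector to reads.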