Windows 7 Forums

Windows 7: All your AV software is now Obsolete !!!

31 Mar 2009   #1
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 
Hi everybody

The latest set of rootkit viruses can now theoretically mess up your BIOS making it virtually impossible to disinfect your computer by traditional means.

These don't work "normally" (as in "normal virus code") so current AV software is powerless to detect this stuff.

So at least apply a BIOS password or a BIOS LOCK to your machine.

New BIOS Virus Withstands HDD Wipes - Tom's Hardware
Cheers
jimbo



31 Mar 2009   #2
Airbot

Windows 7 Ultimate x64 SP1
 
 

Hi jimbo,

Please pick the appropriate Forum to post your threads in. Thank you.

Moved to Security Forum.
31 Mar 2009   #3
Morsolo

Windows 7 7068 x86
 
 

Viruses are getting ridiculous now

Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain


31 Mar 2009   #4
RST101

Windows 7 Ultimate x64.
 
 

Right that is me sh+++ing myself. How do you lock bios or whatever. I wouldn't know how to flash bios but when I have posted this I am going to learn it. How do you password protect bios?

I know these security experts lay it on a bit hard but I would still like to know.
31 Mar 2009   #5
black dog

7068 64 bit + XP Pro
 
 

I would be more concerned about being abducted by Aliens.
31 Mar 2009   #6
Orbital Shark

 
 

I'm suspicious of anything involving April Fools' Day; on the other hand I'm gonna be the most safety conscious I've been in a long long long time. I've now gone and PW protected my BIOS.
31 Mar 2009   #7
PhoneyVirus

Windows 7 Professional (64-bit)
 
 
Computer Viruses are nasty things. But the nasty just got nastier.

Week old news, this thread should be locked after this.

In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection. But the absolute worst case scenario is if a virus attacks the BIOS, making detection and cleaning an incredible challenge.

Viruses that target the BIOS aren’t new, but often they are specific to a type of hardware. Researchers have now demonstrated a new type of attack that could install a rootkit on the BIOS of common systems, making it very lethal and effective.

Anibal L. Sacco and Alfredo A. Ortega of Core Security Technologies released a presentation detailing the exploit of this “persistent BIOS infection.” Through the use of a 100-line piece of code written in Python, a rootkit could be flashed into the BIOS and be run completely independent of the operating system.

"We tested the system on the most common types of Bios," said Ortega in a vunet story. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

Flashing a system’s BIOS requires administrative control, but that could first be obtained through a more ‘innocent’ virus that could reside on the hard disk drive. Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."

There is defense against such an attack, however, as the researchers say that a password or physical lock against BIOS flashes could block the install of the rootkit.

"The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard."

http://www.coresecurity.com/files/at...nSecWest09.pdf
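
As an added example (not part of the original post or of the researchers' code): because a rootkit of this kind lives outside the operating system, one defender-side check is to compare a dump of the flash chip against a known-good image of the same BIOS version. The sketch assumes both images are already available as byte strings, ideally read out-of-band; the sample images and the settings-region offset are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # compare in 4 KiB blocks (a common flash erase size)

def changed_ranges(dump, baseline, volatile=(), block=BLOCK):
    """Return merged (offset, length) ranges where dump differs from baseline.

    `volatile` lists (offset, length) regions that are expected to differ,
    such as the area where the firmware stores its settings; they are ignored.
    """
    if len(dump) != len(baseline):
        raise ValueError("image sizes differ: %d vs %d" % (len(dump), len(baseline)))

    def masked(data):
        buf = bytearray(data)
        for off, length in volatile:
            end = min(off + length, len(buf))   # clamp so the buffer never grows
            buf[off:end] = bytes(max(end - off, 0))
        return bytes(buf)

    a, b = masked(dump), masked(baseline)
    ranges = []
    for off in range(0, len(a), block):
        n = min(block, len(a) - off)
        if a[off:off + n] != b[off:off + n]:
            if ranges and ranges[-1][0] + ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], ranges[-1][1] + n)  # merge adjacent blocks
            else:
                ranges.append((off, n))
    return ranges

def build_sample():
    """Constructed 64 KiB 'vendor image' and a dump with three changed bytes."""
    baseline = bytes((i * 7) & 0xFF for i in range(16 * BLOCK))
    dump = bytearray(baseline)
    dump[2 * BLOCK + 10] ^= 0xFF    # inside the settings area: expected to change
    dump[9 * BLOCK + 100] ^= 0xFF   # unexpected change outside the settings area
    dump[10 * BLOCK] ^= 0xFF        # adjacent block, reported as one merged range
    return bytes(dump), baseline

# Hypothetical settings region for the constructed sample, not a real BIOS layout.
SETTINGS_REGION = [(2 * BLOCK, BLOCK)]

if __name__ == "__main__":
    dump, baseline = build_sample()
    print("baseline sha256:", hashlib.sha256(baseline).hexdigest())
    print("dump     sha256:", hashlib.sha256(dump).hexdigest())
    for off, length in changed_ranges(dump, baseline, SETTINGS_REGION):
        print("unexpected difference at 0x%06x, %d bytes" % (off, length))
```

Any range reported outside the known settings area is a reason to reflash from the trusted image, as the quoted researchers recommend.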
31 Mar 2009   #8
darco

Win 7 x64 7137
 
 

Quote: Originally Posted by Morsolo
Viruses are getting ridiculous now

Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain
or Linux
darco
31 Mar 2009   #9
Jaqie

Windows 7 Beta (and others, multiboot)
 
 

Bah, this is not new. Anyone remember CIH/Chernobyl? Old idea with a new twist is all. Keep the box from getting infected in the first place instead of worrying about what to do when it is.
31 Mar 2009   #10
johngalt

 

Of course the idea is not new - neither is hacking or phreaking, neither is a virus with an April 1 time bomb deadline, neither is DDoS...

What makes this particularly nasty is that they have gotten sophisticated enough that they can actually *hide* from prying eyes of rootkit removal tools and traditional AV and AM software - and moreover, a BIOS PW is not necessarily going to protect you these days - I have performed a couple of BIOS upgrades where the settings were retained, including the PW. Setting a BIOS PW would help - if you go into your BIOS often enough and the PW gets compromised (as in removed). However, setting a System startup PW would be better - except, of course, for those that leave their machines on for months at a time, or performing only soft resets that do not activate the System PW.

The point is that malware is getting more and more sophisticated - as our hardware, software, everything else is as well. You have to be on your guard and start learning about prevention now or else you're more than likely going to end up being a victim to some sort of malware somewhere.