All your AV software is now Obsolete !!!


  1. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #1

    All your AV software is now Obsolete !!!


    Hi everybody

    The latest set of rootkit viruses can now theoretically mess up your BIOS making it virtually impossible to disinfect your computer by traditional means.

    These don't work "normally" (as in "normal virus code") so current AV software is powerless to detect this stuff.

    So at least apply a BIOS password or a BIOS LOCK to your machine.

    New BIOS Virus Withstands HDD Wipes - Tom's Hardware
    Cheers
    jimbo


  2. Posts : 18,404
    Windows 7 Ultimate x64 SP1
       #2

    Hi jimbo,

    Please pick the appropriate Forum to post your threads in. Thank you.

    Moved to Security Forum.


  3. Posts : 5
    Windows 7 7068 x86
       #3

    Viruses are getting ridiculous now

    Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain


  4. Posts : 1,086
    Windows 7 Ultimate x64.
       #4

    Right that is me sh+++ing myself. How do you lock bios or whatever. I wouldn't know how to flash bios but when I have posted this I am going to learn it. How do you password protect bios?

    I know these security experts lay it on a bit hard but I would still like to know.


  5. Posts : 108
    7068 64 bit + XP Pro
       #5

    I would be more concerned about being abducted by Aliens.


  6. Posts : 6,305
    Windows 7 Ultimate x64
       #6

    I'm suspicious of anything involving April Fools' Day; on the other hand, I'm gonna be the most safety conscious I've been in a long long long time. I've now gone and PW protected my BIOS.


  7. Posts : 57
    Windows 7 Professional (64-bit)
       #7

    Computer Viruses are nasty things. But the nasty just got nastier.


    Week old news; this thread should be locked after this.

    In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection. But the absolute worst case scenario is if a virus attacks the BIOS, making detection and cleaning an incredible challenge.

    Viruses that target the BIOS aren’t new, but often they are specific to a type of hardware. Researchers have now demonstrated a new type of attack that could install a rootkit on the BIOS of common systems, making it very lethal and effective.

    Anibal L. Sacco and Alfredo A. Ortega of Core Security Technologies released a presentation detailing the exploit of this “persistent BIOS infection.” Through the use of a 100-line piece of code written in Python, a rootkit could be flashed into the BIOS and be run completely independent of the operating system.

    "We tested the system on the most common types of Bios," said Ortega in a vunet story. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

    Flashing a system’s BIOS requires administrative control, but that could first be obtained through a more ‘innocent’ virus that could reside on the hard disk drive. Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

    "You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."

    There is defense against such an attack, however, as the researchers say that a password or physical lock against BIOS flashes could block the install of the rootkit.

    "The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard."

    http://www.coresecurity.com/files/at...nSecWest09.pdf


  8. Posts : 36
    Win 7 x64 7137
       #8

    Morsolo said:
    Viruses are getting ridiculous now

    Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain
    or Linux
    darco


  9. Posts : 72
    Windows 7 Beta (and others, multiboot)
       #9

    Bah, this is not new. Anyone remember CIH/Chernobyl? Old idea with a new twist is all. Keep the box from getting infected in the first place instead of worrying about what to do when it is.


  10. Posts : 4,364
    Windows 11 21H2 Current build
       #10

    Of course the idea is not new - neither is hacking or phreaking, neither is a virus with an April 1 time bomb deadline, neither is DDoS...

    What makes this particularly nasty is that they have gotten sophisticated enough that they can actually *hide* from prying eyes of rootkit removal tools and traditional AV and AM software - and moreover, a BIOS PW is not necessarily going to protect you these days - I have performed a couple of BIOS upgrades where the settings were retained, including the PW. Setting a BIOS PW would help - if you go into your BIOS often enough and the PW gets compromised (as in removed). However, setting a System startup PW would be better - except, of course, for those that leave their machines on for months at a time, or performing only soft resets that do not activate the System PW.

    The point is that malware is getting more and more sophisticated - as our hardware, software, everything else is as well. You have to be on your guard and start learning about prevention now or else you're more than likely going to end up being a victim to some sort of malware somewhere.


 