
Rootkits in BIOS

Discussion in 'Computer Security' started by ffreeloader, Jan 30, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    It seems that "crackers" have a new weapon at their disposal--writing to a computer's BIOS. This would ensure that even if you reinstall the OS on your computer your system would remain compromised.

    Here is an article on the subject.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    Interesting article there. Just a thought, but you know when you reset your BIOS password, you take the cover off and remove the battery, then after 5 mins your password, if there was one, basically becomes reset. So would you not be able to do this for killing off the virus, or have I missed something? Please let us know.
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Cheers Freddy!

    You are missing something :biggrin

    The BIOS rootkit would be installed by flashing the BIOS, in other words, replacing or modifying the BIOS code, not the BIOS data, like the password but the actual code itself. You might be able to re-flash the BIOS to erase the rootkit but I assume anyone clever enough to create a BIOS rootkit would also be able to prevent the new BIOS from being flashed.

    From what I have read on this subject, it appears that this tactic would not proliferate in the same manner as malware is currently being rolled out. Due to the plethora of different hardware (motherboards) and the various BIOSes out there, it is far more likely to be an inside job. Someone would probably need physical access to the computer and, as we know, if somebody has physical access they can more or less do what they like with the box.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    In addition to these limitations, the "Dual BIOS" system used by Gigabyte will probably be fairly resistant to this sort of virus.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    Well, it's got me interested for one. Besides that article, is there any site that anyone knows of I can go to to read up more?

    MORE INPUT MORE INPUT JOHNNY 5 IS ALIVE :D
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
