Rootkits in BIOS

Discussion in 'Computer Security' started by ffreeloader, Jan 30, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    It seems that "crackers" have a new weapon at their disposal--writing to a computer's BIOS. This would ensure that even if you reinstall the OS on your computer your system would remain compromised.

    Here is an article on the subject.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    Interesting article there. Just a thought, but you know when you reset your BIOS password, you take the cover off and remove the battery, then after 5 mins your password, if there was one, basically becomes reset. So would you not be able to do this for killing off the virus, or have I missed something? Please let us know.
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Cheers Freddy!

    You are missing something :biggrin

    The BIOS rootkit would be installed by flashing the BIOS, in other words, replacing or modifying the BIOS code; not the BIOS data, like the password, but the actual code itself. You might be able to re-flash the BIOS to erase the rootkit but I assume anyone clever enough to create a BIOS rootkit would also be able to prevent the new BIOS from being flashed.

    From what I have read on this subject it appears that this tactic would not proliferate in the same manner as malware is currently being rolled out. Due to the plethora of different hardware (motherboards) and the various BIOSes out there, it is far more likely to be an inside job. Someone would probably need physical access to the computer and as we know, if somebody has physical access they can more or less do what they like with the box.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    In addition to these limitations, the "Dual BIOS" system used by Gigabyte will probably be fairly resistant to this sort of virus.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  5. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    Well, it's got me interested for one. Besides that article, is there any site that anyone knows of I can go to read up more?

    MORE INPUT MORE INPUT JOHNNY 5 IS ALIVE :D
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
