Jump to content
Sign in to follow this  
ninjageek

A bios virus I had no clue??

Recommended Posts

I had No clue there was a virus that got ahold of the Bios?? And of course there is no way a scanner will catch it. I have been using google to find out more but not allot of information.

  I pass word protect my bios to keep anyone from changing it. I can with this motherboard also set it so it wont ask for the bios password every time you boot but to change anything with in the bios you need a password.  The way I understand what I have found so far its One nasty virus. They say even a reflash of the bios will not get rid of it. In short you have to replace a chip on the motherboard itself??

Seen talk there are a few floating around, of course everything goes in cycles so I guess in time it could be a problem again. Just hope someone comes allong to better explain it.

Share this post


Link to post
Share on other sites

Thats interesting.

An article on it.

http://www.vnunet.com/vnunet/news/2239320/bios-attack-renders-antivirus

New Bios attack renders anti-virus useless

Only solution may be physically removing Bios chip, say researchers

Iain Thomson in San Francisco

vnunet.com, 26 Mar 2009

A new form of attack that installs a rootkit directly onto a computer's Bios system would render anti-virus software useless, researchers have warned.

Alfredo Ortego and Anibal Sacco of Core Security Technologies explained that the attack is possible against almost all types of common Bios systems in use today.

The researchers devised a 100-line Python script that could be flashed onto the Bios to install a rootkit. Because the Bios software activates before any other program on a computer when it starts up, normal anti-virus software would be unable to detect it.

"We tested the system on the most common types of Bios," said Ortega. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

The attack is only possible if the attacker already has full administrative control of the target PC, but this is possible through a standard virus infection. Once that is achieved, the malware operator would be able to flash a rootkit directly onto the Bios.

Even if the initial virus was detected and removed, the computer would still be under remote control. A full wipe of the hard drive and complete reinstallation of the operating system would not remove it, the researchers warned.

If a sophisticated rootkit was put onto the Bios it could be even more difficult for an administrator to debug the system, according to Ivan Arce, chief technology officer at Core Security.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."

The attack vector is also usable against virtual systems, the researchers said. The Bios in VMware is embedded as a module in main VMware executable, and thus could be altered.

However, it is possible to protect against this attack by locking down the Bios chip from flash updates, either physically or by password-protecting the system against unauthorised changes.

"The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard."

Share this post


Link to post
Share on other sites

I would think password protecting the bios is your best line of defence agains this. So any changes to the bios must enter a password first to change. May not be a bad Idea to tell everyone to do the same. If this thing gets out it could be a huge mess.

Yep, me too, and usually there is a virus protection area within the bios itself, and a "beep" notification that goes with it , if there is a virus detected. So yea, from what I understand do this, and your good to go.

Share this post


Link to post
Share on other sites

Thanks Laptop manufacturers for helping people get back their stolen laptops,,,,,,, via a BIOS Rootkit that calls home and is insecure.  :tickedoff:

http://blogs.zdnet.com/security/?p=3828

Researchers find insecure BIOS 'rootkit' pre-loaded in laptops

LAS VEGAS

Share this post


Link to post
Share on other sites

Man that sucks so bad

Password might not be the best thing anymore since there a are lots of programs that can crack it / remove it that could easily be implemented to a virus since they are some that open source or are DOS base

Some programs are even release by manufactures such as Unlock6 by HP

Man this could suck major ass if it ever gets widespread

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...