1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Researchers create BIOS malware

Discussion in 'Article Discussion' started by CardJoe, 24 Mar 2009.

  1. Captain Haddock

    Captain Haddock Blistering Barnacles

    Joined:
    21 Apr 2008
    Posts:
    133
    Likes Received:
    5
    Master of the Bleedin' Obvious :-
    Who's idea was it to save the odd 2p per motherboard and REMOVE the BIOS write protect jumper ?
     
  2. aggies11

    aggies11 What's a Dremel?

    Joined:
    4 Jul 2006
    Posts:
    180
    Likes Received:
    1
    Manufacturers should love this. Now the answer to "I have a virus, should I buy a new computer?" becomes a "Yes". It's already a giant pain to remove many rootkits, will we have to now soldier EEPROMs to get around this??
     
  3. Nicb

    Nicb Let's discuss among ourselves

    Joined:
    12 Nov 2008
    Posts:
    211
    Likes Received:
    4
    Not understanding is the basis of fear. A lot of fear on this topic. Watch your back people it's coming to get you........
    Re read this again and again, go to all the links and read them again and again, then look up words and google tech stuff you don't understand and read it again....... and again.
    Maybe if you loan your computer to a hacker convention (with admin rights open) for the weekend it might come back with this malware. But otherwise if it's sitting safe in your room and your looking at all the porn, opening all the e-mail coming your way, excepting every script on pages, and visiting shady sites that could infect your computer. You still have nothing to worry about when it comes to this.

    Read, absorb, understand. I call this a "smoke and mirrors malware". I would not even call it malware. It's more like a couple of guys got creative and had their way with their own computer. They could not do the same to yours unless you "physically" let them.

    With todays software and hardware components we use, this simply can not be done with out physically doing it, and I doubt what ever we innovate too in the future with computers the chances are this will not work remotely but only physically. So keep your computers close at hand and don't let untrusting people open up your case or give them admin rights to break down security to get busy "destroying" your property. And even then if that happens regardless of what any one says this could be resolved. It's only permanent to the non literate computer user.
     
  4. n3mo

    n3mo What's a Dremel?

    Joined:
    15 Oct 2007
    Posts:
    184
    Likes Received:
    1
    Actually, the other way around. EFI is (at least in theory) far more standardized by design than BIOS, thus making it more vulnerable. Only thing that makes developing BIOS-targeted attacks/exploits/etc. not worth the time is the fact that you'd need to write separate code for almost every motherboard available.
     
  5. Otis1337

    Otis1337 aka - Ripp3r

    Joined:
    28 Nov 2007
    Posts:
    4,623
    Likes Received:
    161
    clear CMOS = virus gone
    GG
     
  6. Guest-2867

    Guest-2867 Guest

    CMOS and BIOS are not one and the same.

    As far as I can tell the code re-flashes the bios image with the malware code attached.

    As stated earlier in the thread, a simple BIOS write protect jumper/switch is all that needs to be implemented in future motherboards to stop this in it's tracks.
     
  7. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174

    I could do it lol you forget all your admin rights are on your os.. what's to stop someone from just booting a linux distro or any tool- even just a dos boot with flash from a dvd.. and before you say password protect the bios.. it's as simple as popping the battery out or using the cmos clear jumper on the mb

    I'll agree with the fear end of it.. I'm sure guys like the geek squad who are nothing more than salesmen- would love something like this to be deved and go wild.. far as it sticking, the cmos clear jumper won't clear everything- popping out the battery for a few does.. alot of peeps had to do this on the 680i mb's because of the c1 error- it would act like a dead board even with a clear.. pop the battery out, put it back and it magically worked.. nvidia ntune guy to thank for this :D
     
  8. Nicb

    Nicb Let's discuss among ourselves

    Joined:
    12 Nov 2008
    Posts:
    211
    Likes Received:
    4
    thehippoz,
    I was one of them, dealt with it, I have a MSI 680i.

    Personally no one is going to get inside my computer, I have a eletric fence around it. :)

    But don't forget it's easy through admin rights to stop any boot disk from working. A few years ago the company I worked for did that on the laptops they gave us employees. For fun I tried cracking it... and I admitted to it, he just snickered and siad "Boot disk did not work?". (I wasn't going to physically do anything) I spent some time with the IT guy and learned how it was done and traded a few programs with him to even the scale. But of course that only helps if you do it, then again I would/did not on my desk top but did on my personal laptop since its placed in vulnerable situations and holds no valuable info. I use the boot disk when necessary or experimentations with the desktop.

    It's like rock paper scissors. But I know you got me. It's just not happening to people like us,... but for the others, its the price you pay for not knowing about what you have and how to protect it. They just run around with there heads cut off screaming viruses and handing there computers over to Best Buy's Geek Squad and buying expensive virus protection software.

    There is no fear to be had with this so called "malware". :rolleyes:
     
  9. Project_Nightmare

    Project_Nightmare What's a Dremel?

    Joined:
    14 Oct 2006
    Posts:
    54
    Likes Received:
    0
    dang, these people created chiv in the form of malware. Nice work guys, now I'll have to throw away my bios chip when ever I reinstall my hard drive:wallbash:
     
  10. OverQloker

    OverQloker Haven't Touched No Dremel

    Joined:
    5 Jun 2008
    Posts:
    26
    Likes Received:
    0
    BIOS and OS

    how can a malware in bios, be able to diable the av, which runs in the kernel's memory space...
    is it possible to keep track/scan of changing 2^32 memory bits, by just some little assemply level program writtn in <16KB :confused:
     
Tags: Add Tags

Share This Page