New BIOS Virus Withstands HDD Wipes

Status
Not open for further replies.
Ok.. so this Virus literally destroys the Bios chip if advanced enough..

EVERYONE! Quick! Buy stocks from the new company called "RYB" (Replace your Bios) they will make Removable Bios chips from Mobo's, and they will be the Bios suppliers.. yup
 
...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\
 
I wish it were easier to find virus makers. That's the one case I could justify the old law of cutting off people's hands. Of course, then he'll probably buy Dragon Naturally Speaking and keep making them. I guess the tongue would be the 2nd offense, lol.
 
[citation][nom]andertp[/nom]...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\[/citation]

shh you might put ideas into their heads =[
 
no.

then it would just spread to the next one...

the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did that

do you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system
 
Hmmm, we all like the convenience of a flashable bios - but I wonder if this will encourage motherboard manufacturers to make some old-fashioned read-only bios models in the business class of motherboards. (Personally, I think I'd like that option as a home power user.)
 
[citation][nom]thogrom[/nom]no.
then it would just spread to the next one...
the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did that
do you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system[/citation]

I didn't make it clear enough, sorry 😛
you can put the hdd into another computer, then boot into dos with another hard drive, then retrieve data that way :)
 
Is it not possible to set a password, entirely separate from anything on the operating system, to disallow any bios access? That would seem the simplest solution.
 
I'm with spuddy, just have the bios require a password (not in the os) to allow it to be flashed. So, you go to your BIOS, enter the password (or set the option) which allows flashing for this boot time only and away you go (easy really)......
 
I'm pulling out my old Tandy 1000HX on April 1st.....
BIOS can't be reflashed....
OS can't be reflashed.....(on chip)
Internet access WILL be difficult tho.....
I like the Skynet comment....not far from the truth on many levels....
 
This story is nothing new to me. Being a member of the Security Community, I've been aware of this for a while now. These BIOS RootKits are referred to as BootKits. They infect the BIOS, load into memory and reside on the Hard Drive. So formatting the drive and doing a fresh install has no effect as it's in both the BIOS and resides in memory. Pulling the drive and booting from it in another system, you risk infecting the other system unless you first connect it as a secondary drive, then do a full scan so as to remove any trace of it from the drive first.
 
A good anti-virus should also block any bios changes, and a good bios should bring a confirmation window.
 