New BIOS Virus Withstands HDD Wipes

Status
Not open for further replies.

sacre

Distinguished
Jul 13, 2006
379
0
18,780
Ok.. so this Virus literally destroys the Bios chip if advanced enough..

EVERYONE! Quick! Buy stocks from the new company called "RYB (Replace your Bios) they will make Removable Bios chips from Mobo's, and they will be the Bios suppliers.. yup
 
G

Guest

Guest
...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\
 

pocketdrummer

Distinguished
Dec 1, 2007
1,087
32
19,310
I wish it were easier to find virus makers. That's the one case I could justify the old law of cutting off peoples hands. Of course, then he'll probably buy Dragon Naturally Speaking and keep making them. I guess the tongue would be the 2nd offense, lol.
 

eklipz330

Distinguished
Jul 7, 2008
3,034
19
20,795
[citation][nom]andertp[/nom]...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\[/citation]

shh you might put ideas into their heads =[
 
G

Guest

Guest
no.

then it would just spread to the next one...

the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did that

do you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system
 

mdillenbeck

Distinguished
Jun 11, 2008
504
0
18,980
Hmmm, we all like the convenience of a flashable bios - but I wonder if this will encourage motherboard manufacturers to make some old-fashioned read-only bios models in the business class of motherboards. (Personally, I think I'd like that option as a home power user.)
 

judeh101

Distinguished
Nov 27, 2008
73
0
18,630
[citation][nom]thogrom[/nom]no. then it would just spread to the next one...the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did thatdo you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system[/citation]

I didn't make it clear enough, sorry :p
you can put the hdd into another computer, then boot into dos with another hard drive, then retrieve data that way :)
 

spuddyt

Distinguished
Jul 21, 2007
2,114
0
19,780
is it not possible to set a password, entirely seperate from anything on the operating system to disallow any bios access? That would seem the simplest solution.
 

rtfm

Distinguished
Feb 21, 2007
526
0
18,980
I'm with spuddy, just have the bios require a password (not in the os) to allow it to be flashed. So, you go to your BIOS, enter the password (or set the option) which allows flashing for this boot time only and away you go (easy really)......
 

evade57

Distinguished
Mar 28, 2009
1
0
18,510
I'm pulling out my old Tandy 1000HX on April 1st.....
BIOS can't be reflashed....
OS can't be reflashed.....(on chip)
Internet access WILL be difficult tho.....
I like the Skynet comment....not far from the truth on many levels....
 
G

Guest

Guest
This story is nothing new to me. Being a member of the Security Community, I've been aware of this for awhile now. These BIOS RootKits are referred to as BootKits. They infect the BIOS, load into memory and reside on the Hard Drive. So formatting the drive and doing a fresh install has no effect as it's in both the BIOS and resides in memory. Pulling the drive and booting from it in another system, you risk infecting the other system unless you first connect it as a secondary drive, then do a full scan so as to remove any trace of it from the drive first.
 
G

Guest

Guest
A good anti-virus should also block any bios changes, and a good bios should bring a confirmation window.
 
Status
Not open for further replies.