New BIOS Virus Withstands HDD Wipes

Status
Not open for further replies.

sacre

Ok.. so this Virus literally destroys the Bios chip if advanced enough..

EVERYONE! Quick! Buy stocks from the new company called "RYB" (Replace your Bios); they will make Removable Bios chips from Mobos, and they will be the Bios suppliers.. yup
 
Guest
...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\
 

pocketdrummer

I wish it were easier to find virus makers. That's the one case I could justify the old law of cutting off people's hands. Of course, then he'll probably buy Dragon Naturally Speaking and keep making them. I guess the tongue would be the 2nd offense, lol.
 

eklipz330

andertp said:
> ...lol, guess what Conficker's April 1st update will bring. Bios flashing support :-\

shh you might put ideas into their heads =[
 
Guest
no.

then it would just spread to the next one...

the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did that

do you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system
 

mdillenbeck

Hmmm, we all like the convenience of a flashable bios - but I wonder if this will encourage motherboard manufacturers to make some old-fashioned read-only bios models in the business class of motherboards. (Personally, I think I'd like that option as a home power user.)
 

judeh101

thogrom said:
> no.
>
> then it would just spread to the next one...
>
> the virus first is at the OS level and then flashes itself into the hardware/bios level... the original rootkit still is on the os level data... so you'd just spread it around if you did that
>
> do you not understand that? you'd have to reflash a completely new bios to it and in the newer dual bios chips get an entirely new chip... AND reformat the HDD... only way to get rid of a nasty thing like this once it gets inside your system

I didn't make it clear enough, sorry :p
you can put the hdd into another computer, then boot into dos with another hard drive, then retrieve data that way :)
 

spuddyt

is it not possible to set a password, entirely separate from anything on the operating system to disallow any bios access? That would seem the simplest solution.
 

rtfm

I'm with spuddy, just have the bios require a password (not in the os) to allow it to be flashed. So, you go to your BIOS, enter the password (or set the option) which allows flashing for this boot time only and away you go (easy really)......
 

evade57

I'm pulling out my old Tandy 1000HX on April 1st.....
BIOS can't be reflashed....
OS can't be reflashed.....(on chip)
Internet access WILL be difficult tho.....
I like the Skynet comment....not far from the truth on many levels....
 
Guest
This story is nothing new to me. Being a member of the Security Community, I've been aware of this for a while now. These BIOS RootKits are referred to as BootKits. They infect the BIOS, load into memory and reside on the Hard Drive. So formatting the drive and doing a fresh install has no effect as it's in both the BIOS and resides in memory. Pulling the drive and booting from it in another system, you risk infecting the other system unless you first connect it as a secondary drive, then do a full scan so as to remove any trace of it from the drive first.
 
Guest
A good anti-virus should also block any bios changes, and a good bios should bring a confirmation window.
 