Webroot Discovers BIOS Rootkit

Status
Not open for further replies.
Guest
If it infects "winlogon.exe or winnt.exe", I think running Linux may help me greatly, lol.
 

sub5pac3 (Distinguished, joined Sep 15, 2011)
LORD_ORION has a good point -- there could have been some simple measures taken by mobo makers to avoid this. I can think of a few off hand, such as requiring a user-settable password to write to the BIOS, or some physical signaling that can't be brute forced by the malware, such as a read-only jumper. Maybe we shouldn't blame vendors just yet though, since they never had to worry about this kind of thing until now. Security has always been an evolving landscape, and it usually winds up costing lots of money before it gets the attention it deserves.

Also, some people here may not realize that most boards these days don't have removable chips, so if the malware was well written you're basically F'ed in the A with a D prison style, since it could load into RAM before any boot device (BIOS starts before drives or ports are even recognized), and it could make sure that any flash utility that writes to the chip would include itself in the image being written, or that the image is not written at all. Dual BIOS won't necessarily save you, since it could possibly infect that as well (depending on the measures taken by the vendors, of course), and how do you select the option to boot to that copy of the BIOS without loading the tainted one before making the selection? Well written code could modify your selection right after you make it if that choice is made in software or in the BIOS itself (i.e. not a jumper). To be clear, I'm not referring to the specific malware discussed in this article, but rather that one could imagine these possibilities.

In any case, it seems that vendors could make small modifications to motherboard designs to solve this problem and similar ones going forward. I hope they take notice of the issue.
 

Vladislaus (Distinguished, joined Jul 29, 2010)
amk-aka-phantom wrote:
> I knew someone was gonna say that!
> 1) The quote I listed in my original post said I was referring to that (HDD format after cleaned BIOS = rootkit pwned).
> 2) You can also flash the BIOS on boot.
> 3) Try GETTING that rootkit... it's not like it's running around the internets and storms every computer it sees... I actually WANT to find and isolate it, then test it (use an old Celeron 500 MHz rig with XP for that) and add it to my virus zoo after that, if it's functional.
> 4) It's possible to infect the system through the CMOS, maybe. It's also possible to break your PC with a hammer, short the motherboard or throw it out of the window, but the article doesn't say that this particular rootkit does any of these things apart from infecting winlogon.exe, wininit.exe and BIOS. And CMOS can always be reset.
> This speculation can go on, but you catch my drift... nothing is as scary and dangerous as they describe it. Just know what you're doing, don't panic, and you'll always triumph over any BS malware.

Did it perhaps occur to you that the rootkit may have code to prevent the BIOS from being rewritten?
 

spectrewind (Distinguished, joined Mar 25, 2009)
Isn't this problem rendered harmless by any mainboard that has more than one BIOS chip to work from (i.e. DualBIOS)? If an antivirus can detect an infected BIOS EEPROM (assuming the virus somehow had the ability to WRITE to the EEPROM), I should think that a restore from the backup to the primary BIOS, after a checksum failure, should make this a non-issue.
 

extremepcs (Distinguished, joined May 6, 2008)
Isn't McCrappy trying to get hardware level AV implemented in all Intel (parent company) chipsets? Gee, I can't imagine who would write such a virus...
 
The solution is simple:
1. Non tamperable ROM reads EEPROM BIOS on bootup.
2. ROM Calculates checksum of 0x432fd2df3e343b2a698b923c3634.
3. ROM does secret math on checksum.
4. ROM reads checksum math formula in EEPROM.
5. If it does not match, then EEPROM has been compromised, boot from failsafe ROM.

Simple challenge response solution
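A constructed, runnable sketch of the challenge-response check described in the post above, added here by the editor; it is not taken from the thread or from any vendor's firmware. It uses an HMAC-SHA256 tag keyed with a secret that is assumed to live in unmodifiable ROM as the "secret math", and contrasts it with the plain CRC a classic BIOS carries: malware that can rewrite the EEPROM can recompute the CRC but not the keyed tag. The ROM_SECRET value, the image bytes and the "rootkit" payload are all made up. Two points raised earlier in the thread are built in: the backup image is verified before it is used, and the choice of which image to run is made by the ROM, not by code living in the EEPROM. Shipping designs (e.g. Intel Boot Guard) use a vendor public key and signatures instead of a shared secret, so nothing secret has to be stored on the board; the shared-secret form is used here only so the example runs on the standard library.

```python
"""Constructed simulation of 'non-tamperable ROM checks the EEPROM BIOS'.
Not real firmware: every value below is made up for illustration."""
import hashlib
import hmac
import zlib

# Assumption: this secret is burned into mask ROM / fuses and cannot be
# read or changed from the operating system. Made-up value.
ROM_SECRET = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

# Constructed stand-in for a clean vendor BIOS image (not a real image).
VENDOR_BIOS = b"CONSTRUCTED-BIOS v1.02 " + bytes(range(256))


def plain_crc(image: bytes) -> int:
    """The integrity value a classic BIOS carries: anyone can recompute it."""
    return zlib.crc32(image) & 0xFFFFFFFF


def keyed_tag(image: bytes, secret: bytes = ROM_SECRET) -> bytes:
    """'Secret math' over the image: HMAC-SHA256 keyed with the ROM-only secret."""
    return hmac.new(secret, image, hashlib.sha256).digest()


def vendor_flash(image: bytes) -> dict:
    """What a legitimate flash tool writes: image plus both integrity values."""
    return {"image": image, "crc": plain_crc(image), "tag": keyed_tag(image)}


def malware_reflash(eeprom: dict, payload: bytes) -> dict:
    """OS-level malware appends a payload and recomputes everything it can.
    It can fix up the CRC, but without ROM_SECRET it can only copy the old tag."""
    infected = eeprom["image"] + payload
    return {"image": infected, "crc": plain_crc(infected), "tag": eeprom["tag"]}


def crc_only_check(eeprom: dict) -> bool:
    """Legacy check: stored CRC matches the image. Malware passes this."""
    return plain_crc(eeprom["image"]) == eeprom["crc"]


def rom_verify(eeprom: dict, secret: bytes = ROM_SECRET) -> bool:
    """Boot-ROM check: recompute the keyed tag and compare in constant time."""
    return hmac.compare_digest(keyed_tag(eeprom["image"], secret), eeprom["tag"])


def boot_rom(primary: dict, backup: dict) -> str:
    """The ROM picks the image before any EEPROM code runs, so a tainted
    primary BIOS cannot steer the choice. The backup is verified, not trusted."""
    if rom_verify(primary):
        return "primary"
    if rom_verify(backup):
        return "backup"
    return "halt"  # both images fail: refuse to run unverified code


if __name__ == "__main__":
    clean = vendor_flash(VENDOR_BIOS)
    infected = malware_reflash(clean, b"\xEB\xFE constructed-rootkit-stub")
    print("CRC-only check on infected image:", crc_only_check(infected))  # True
    print("ROM keyed check on infected image:", rom_verify(infected))     # False
    print("boot decision:", boot_rom(infected, clean))                    # backup
```

The line to notice is the first one printed: the infected image passes the CRC check, because the malware recomputed the CRC itself. Only the keyed check, computed by code the malware cannot modify with a key it cannot read, sends the boot to the backup image.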
 

MrBig55 (Distinguished, joined Jun 27, 2011)
Even though most of our BIOSes allow write-protect, what about the dual or quad BIOS techs? It is "supposed" to prevent these threats at all if we believe what Gigabyte said years ago.
 

Marcus52 (Distinguished, joined Jun 11, 2008)
dalethepcman wrote:
> This would suck if it started spreading, imagine all the bricked machines that need their BIOS chips replaced. Thank god for UEFI.

I wasn't aware that god wrote UEFI.

UEFI is not immune to cracking.

The machines actually infected at this point have been few and far between.

Malware exists; it likely always will. Fixes come along and make it pointless, and then a new thing is developed, and the cycle continues. It has been called an "arms race", and I think that's as good a description as any.

As has been said, pay attention to what's happening with your computer, and be sensible about security. It helps to be informed, but no need to panic with every development that hits the news (which often isn't even new).

;)
 

lp231 (Splendid)
BIOSes right now still have this "boot virus" setting. And I remember in the old days when people actually got infected with a boot virus. It makes a noise and a little smiley face that runs back and forth on the screen.
 

ojas (Distinguished, joined Feb 25, 2011)
Isn't it only for Award BIOS? I mean, are we all using it? My mobo's made by Intel, and it does not have an Award-made BIOS.

Am I getting it totally wrong or what? Can this thing spread to other BIOS systems too?
 

arlandi (Distinguished, joined Nov 25, 2007)
memadmax wrote:
> "BIOS flash write protect: enabled." Problem solved.

Hmm... maybe there should be a jumper on the mobo that does this.
 

neon871 (Distinguished, joined Aug 30, 2011)
Also, the article says it only targets Award BIOS, so no worries at this point for those who have AMI BIOS. My point is not that no mobo is ever in danger, yet anyway. Just thinking out loud; like some of you said, don't panic and know what you're doing.
 

killkillkill (Distinguished, joined Jun 21, 2006)
My board comes with a CD with a backup BIOS on it; even if the BIOS on the board was corrupt, there is no way the one on the CD could be.
 

TeraMedia (Distinguished, joined Jan 26, 2006)
If they can make it for Award, then you can bet they'll make it for AMI, Phoenix, etc. as well. Yippee. B@stards.

I don't know about the rest of you, but stuff like this really gets me angry at the authors of such code. When we find them, do you think it would be considered "cruel and unusual" to have them guest-star on Mike Rowe's "Dirty Jobs" show? And then maybe for a month on Survivor? But making sure that all of the other contestants know exactly what the coder(s) did, first.
 
Guest
And I thought having a second BIOS on my MB was pointless. Phew.
 

cybersans (Distinguished, joined Dec 28, 2009)
Only n00b level users (a person who just uses their PC for games, Facebook, Twitter) will be affected by this thing. They will talk too much about this "news". An intermediate to expert level user will just ignore it. ;)
 

supere989 (Distinguished, joined Oct 19, 2007)
extremepcs wrote:
> Isn't McCrappy trying to get hardware level AV implemented in all Intel (parent company) chipsets? Gee, I can't imagine who would write such a virus...

LOL, and let's blame the Chinese for it first! ROFLMAO!
 
Guest
I have this on 4 PCs in my home and have mapped it out now for months. It is unstoppable save a new MB or a reprogrammed BIOS EEPROM, and it is already affecting Phoenix BIOS and Win 7 64-bit. This is contrary to reports. It controls Ubuntu and all Linux once it corrupts (x:), and every other OS since Win95. It writes to finalized recovery CDs and any CD placed in a ROM. I could write all that thing is capable of for 24 hours and still leave things untouched that are of paramount concern. If you have specific questions about this Bioskit, even down to the individual memory sectors and its redundancy exploit using onboard Intel graphics, please ask away. Just be warned, it will sound like fiction until you see the printouts for yourself. All of what I can share will be truth and scary.

This thing is going to be a lot worse than you think. A great deal of people are showing symptoms that very few recognize at this point, save the few of us dedicating 100+ hours a week to disseminating its internals. If you have it, DO NOT reformat and reinstall your operating system. The more you fight it and fail, the worse it fights back and makes your recovery disks completely unneeded for a supposed restore. It will eventually infect the CDs with a PE file infector until the restore is no longer even the vendor's. You simply restore your system to the Bioskit's ideal environment, i.e. TOTAL system compromise.

I thought I beat it once until MMC.exe and explorer.exe got tripped up by ntdll.dll (have to look at my saved report on that one) by an exploit that had only been patched 2 days prior, and I found my system out of my control again. I was updating Windows patches and hadn't gotten to that one yet. Didn't matter though. My network was already compromised and all the hackers had to do was log into my IP and trip me up mid-recovery (if I had really beaten it at all). I cannot replicate what seemed to work before, as I have tried so many things on 4 different PCs, working 20 hours a day in nearly a dozen OSes and a PS3, that it all seems a confusing blur of insanity. :-(

Mike
 