LORD_ORION has a good point -- there could have been some simple measures taken by mobo makers to avoid this. I can think of a few off hand, such as requiring a user settable password to write to the BIOS or some physical signaling that can't be brute forced by the malware, such as a read-only jumper. Maybe we shouldn't blame vendors just yet though since they never had to worry about this kind of thing until now. Security has always been an evolving landscape and it usually winds up costing lots of money before it gets the attention it deserves.
Also, some people here may not realize that most boards these days don't have removable chips, so if the malware was well written you're basically F'ed in the A with a D prison style, since it could load into RAM before any boot device (BIOS starts before drives or ports are even recognized) and it could make sure that any flash utility that writes to the chip would include itself in the image being written, or just not written at all. Dual bios won't necessarily save you since it could possibly infect that as well (depending on the measures taken by the vendors of course), and how do you select the option to boot to that copy of BIOS without loading the tainted one before making the selection? A well written code could modify your selection right after you make it if that choice is made in software or BIOS itself (i.e. not a jumper). To be clear, I'm not referring the specific malware discussed in this article, but rather that one could imagine these possibilities.
In any case, it seems that vendors could make small modifications to motherboard designs to solve this problem and similar ones going forward. I hope they take notice of the issue.