Security software company Webroot says a BIOS rootkit has been found in the wild.
Webroot Discovers BIOS Rootkit : Read more
Webroot Discovers BIOS Rootkit : Read more
- Status
HMRkingpin
Distinguished
- Jun 9, 2011
- 90
- 0
- 18,640
amk-aka-Phantom
Distinguished
- Mar 10, 2011
- 3,004
- 0
- 20,860
[citation][nom]HMRkingpin[/nom]Remember..... The best line of defense is you. Be careful of what you open and click on.[/citation]
+over 9000. No antivirus will help you if you're stupid and careless.
+over 9000. No antivirus will help you if you're stupid and careless.
amk-aka-Phantom
Distinguished
- Mar 10, 2011
- 3,004
- 0
- 20,860
offerings12
Distinguished
- Aug 30, 2010
- 14
- 0
- 18,510
dalethepcman
Distinguished
- Jul 1, 2010
- 1,636
- 0
- 19,860
this would suck if it started spreading, imaging all the bricked machines that need their BIOS chips replaced. Thank god for UEFI
[citation][nom]offerings12[/nom]Flash the bios.... poof gone[/citation]
I don't really think the issue should be considered that simple. Can you imagine how long it would take you to find out that you had an infected BIOS? And if there's one thing I don't like to mess with on my PC it's the BIOS. BIOSes are perfect example of: if it ain't broke don't fix it". If I had an infected BIOS it would prbably be one of the last places I would look. Also: even though this virus is targeted towards the Chinese any person who has a virus on his/her computer affects us all.
I don't really think the issue should be considered that simple. Can you imagine how long it would take you to find out that you had an infected BIOS? And if there's one thing I don't like to mess with on my PC it's the BIOS. BIOSes are perfect example of: if it ain't broke don't fix it". If I had an infected BIOS it would prbably be one of the last places I would look. Also: even though this virus is targeted towards the Chinese any person who has a virus on his/her computer affects us all.
[citation][nom]amk-aka-phantom[/nom]Blah blah blah blah blah... flash the BIOS, format the hard drive, problem solved... /facepalm[/citation]And you're going to do that with a BIOS flash utility, running on an infected OS, connecting to an infected BIOS, and you think the malware writers didn't plan for that? The only program that has more control over your system than the BIOS is the CPU microcode (which the BIOS can also patch to fix CPU bugs). I think it's also possible to infect the BIOS boot recovery block so unless you have a system with a dual BIOS (like some server MBs), then you're not going to get rid of it. It's also possible to infect the system through the CMOS.
In the old days the solution was to pull the BIOS ROM, reprogram it on a PROM burner with a clean BIOS copy, clear the CMOS, then reinstall the ROM. Not so easy to do on today's systems.
In the old days the solution was to pull the BIOS ROM, reprogram it on a PROM burner with a clean BIOS copy, clear the CMOS, then reinstall the ROM. Not so easy to do on today's systems.
warezme
Distinguished
- Dec 18, 2006
- 2,450
- 56
- 19,890
[citation][nom]jhansonxi[/nom]And you're going to do that with a BIOS flash utility, running on an infected OS, connecting to an infected BIOS, and you think the malware writers didn't plan for that? The only program that has more control over your system than the BIOS is the CPU microcode (which the BIOS can also patch to fix CPU bugs). I think it's also possible to infect the BIOS boot recovery block so unless you have a system with a dual BIOS (like some server MBs), then you're not going to get rid of it. It's also possible to infect the system through the CMOS.In the old days the solution was to pull the BIOS ROM, reprogram it on a PROM burner with a clean BIOS copy, clear the CMOS, then reinstall the ROM. Not so easy to do on today's systems.[/citation]
Why not? You should be flashing the bios from either a bootable CD, thumbdrive or floppy. Windows shouldn't be in the way just for such reasons and more. Bios FLash - 5 minutes, tops.
Why not? You should be flashing the bios from either a bootable CD, thumbdrive or floppy. Windows shouldn't be in the way just for such reasons and more. Bios FLash - 5 minutes, tops.
Netherscourge
Distinguished
- May 26, 2009
- 390
- 0
- 18,780
Can't the BIOS be infected to the point it prevents a CD/DVD from being booted upon launch though?
Netherscourge
Distinguished
- May 26, 2009
- 390
- 0
- 18,780
...thereby making a bootable CD with a BIOS flash utility on it worthless?
...same with bootable USB Drives and any other device that the BIOS has boot-control over?
...same with bootable USB Drives and any other device that the BIOS has boot-control over?
amk-aka-Phantom
Distinguished
- Mar 10, 2011
- 3,004
- 0
- 20,860
I knew someone is gonna say that!
1) The quote I listed in my original post said
I was referring to that (HDD format after cleaned BIOS = rootkit pwnd)
2) You can also flash the BIOS on boot
3) Try GETTING that rootkit... it's not like it's running around the internets and storms every computer it sees... I actually WANT to find and isolate it, then test (use old Celeron 500 MHz rig with XP for that) - add it to my virus zoo after that, if it's functional
4) It's possible to infect the system through the CMOS, maybe. It's also possible to break your PC with a hammer, short the motherboard or throw it out of the window, but the article doesn't say that this particular rootkit does any of these things apart from infecting winlogon.exe, wininit.exe and BIOS. And CMOS can always be reset.
This speculation can go on, but you catch my drift... nothing is as scary and dangerous as they describe it. Just know what you're doing, don't panic, and you'll always triumph over any BS malware.
amk-aka-Phantom
Distinguished
- Mar 10, 2011
- 3,004
- 0
- 20,860
It probably can, but I think the mobo makers aren't that stupid and planned for it, too. However, in this case I will flash from OS, then take out the HDD and flash on boot again. If, however, the rootkit screwed up the system so much that you cannot boot ANYTHING, I applaud the malware writer and wonder why didn't he just fry my hardware instead of leaving me an easy route out: replace BIOS chip.
LORD_ORION
Distinguished
- Sep 12, 2007
- 814
- 0
- 18,980
How does it infect the bios in the 1st place? Looks like there is a big gaping security hole if the BIOS can be touched during normal PC operation.
nforce4max
Splendid
- Sep 9, 2009
- 8,337
- 0
- 31,460
This is why my room is filled with mostly computers and a few old antiques. I personally know to be more careful than the average users and that no anti virus program out there is idiot proof. I have found that such programs have their shortcomings that can and often really make things all to easy for an infection to take place.
Any college level firewall and network security class is worth the money.
Any college level firewall and network security class is worth the money.
@LORD_ORION
modern mobos allow flashing through windows using specially crafted software, im guessing it doesn't take someone with exceptional talent to reverse engineer one of these. The role of the bios is to enable the system to boot into the OS, once the OS is up and running the BIOS literally hands over control of the system to the OS
modern mobos allow flashing through windows using specially crafted software, im guessing it doesn't take someone with exceptional talent to reverse engineer one of these. The role of the bios is to enable the system to boot into the OS, once the OS is up and running the BIOS literally hands over control of the system to the OS
iam2thecrowe
Glorious
- Jul 4, 2010
- 10,591
- 21
- 44,965
[citation][nom]warezme[/nom]Why not? You should be flashing the bios from either a bootable CD, thumbdrive or floppy. Windows shouldn't be in the way just for such reasons and more. Bios FLash - 5 minutes, tops.[/citation]
It doesn't matter if you use a bootable CD, thumbdrive or floppy the BIOS still runs first and therefore the virus will be running.
It doesn't matter if you use a bootable CD, thumbdrive or floppy the BIOS still runs first and therefore the virus will be running.
g00fysmiley
Distinguished
- Apr 30, 2010
- 2,175
- 0
- 19,860
hmm... I usually offer hooking up infected hdd to my system quarentine em pull somebody's files before a windows reinstall... I'm going to start doing that on my old pc
Hmmm.... there has been talks that antivirus companies developing their virus just to make their antivirus software sell. So it was announced the intel and macafe has developed an intivirus that would counteract virus that are "deeply-rooted malware that typically embeds themselves outside the OS to evade current security solutions" as seen in this article "http://www.tomshardware.com/news/McAfee-DeepSAFE-malware-rootkit-Paul-Otellini,13436.html" and now webroot detects this kind of virus. Hmmm... coincidence? or marketing?
- Status
TRENDING THREADS
-
-
-
Question Help in troubleshooting possible graphics card issue?
- Started by nort99
- Replies: 5
-
Question RX 6600 visual glitches right after upgrading to it- Started by Wamek
- Replies: 4
-
News US sanctions transform China into legacy chip production juggernaut — production jumped 40% in Q1 2024- Started by Admin
- Replies: 35
-
Facebook
Twitter
Instagram