BIOS Trojans/Virus? Seriously?

BIOS Trojan

5 replies to this topic

#1 psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 11 September 2014 - 01:36 PM

I was just looking around on the web learning about malware removal and seeing some posts on SpywareInfoForum.com, then on another forum I noticed something that was pretty bad... I learned through a post on a website called SpywareHammer.com that this person was dealing with a Trojan virus that literally can store itself in the BIOS. I don't know that much about it, but I think that means it's in the motherboard; correct me please if I am wrong.

I honestly didn't even believe that this was possible, but it's really a dirty way to play, especially if you can't flash your motherboard.

I wonder how people can prevent this type of virus from infecting.

Here is the link to the thread: http://spywarehammer...ic,15638.0.html

I hope I posted this topic in the right section of the forums. :p


Edited by psychicguy, 12 September 2014 - 08:43 AM.


#2 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 12 September 2014 - 05:22 AM

There has been a virus that would corrupt BIOS settings where you would have to clear and reset your CMOS settings, and there was a virus that would actually corrupt the BIOS (Chernobyl), but I don't believe there has been one that would actually infect the BIOS. There are too many BIOSes and motherboard models, and likely not enough spare room in a flash BIOS to make this a practical way to infect a system. There would need to be enough room on the chip to both contain the BIOS and virus and still be able to boot the system to make this possible, and all that would need to be done to prevent this would be to move a jumper on the motherboard to write-protect the flash BIOS chip, if that was an option on that particular make/model of motherboard. Claims that a virus infected a BIOS generally come from people that can't figure out what the problem is, or can't find the virus to remove, such as a virus hidden with a rootkit or an MBR infector.




#3 psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 12 September 2014 - 08:44 AM

That makes a lot of sense. I added the link to my first post, if you want to look at it. Maybe you can tell me if it is what I think it is. :think:



#4 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 12 September 2014 - 02:58 PM

Link: Mebromi, a bios-flashing trojan

As TheJoker said, "not a practical way to infect a system"...

#5 psychicguy

    Advanced Member

  • Helper Trainee
  • 126 posts

Posted 12 September 2014 - 05:13 PM

I suppose it's not practical only because it can only inject into Award motherboards' BIOS, since the trojan was targeted at only those motherboards.


Edited by psychicguy, 12 September 2014 - 05:14 PM.


#6 snemelk

    inżynier

  • Expert
  • 3,099 posts

Posted 13 September 2014 - 12:14 PM

Not really... One of the last paragraphs from this article: Mebromi: the first BIOS rootkit in the wild (the first link is dead, it seems) puts it very nicely; quoting: "(...) it will hardly become a major threat because of the level of complexity needed to achieve the goal."
There are many BIOS types, and I'm not sure if it would even be possible to create an infection capable of patching most of them. Secondly, flashing the BIOS is potentially dangerous; many things can go wrong. Finally, since there are many infection techniques that actually work, there is no need to try such a sophisticated method.
And the fact that Mebromi only targeted the Award BIOS ROM means the scope of attack was limited.