Remove-Malware.com Forums

[pranaygtr]

NOTE TO MODERATORS: I know that there is an ancient thread relative to this topic. If the moderators don't deem it appropriate to start another "BIOS Rootkit" thread, please merge this with the old "BIOS Rootkit" thread. I posted on the old thread but it will not show up on the 'active posts' board.

Moved to General Discussions until fixed.

[ZOU]

Thank you.

[bogdan]

I am simply wondering, out of pure curiosity, if any of rM's members have ever had a BIOS Rootkit.

Not me.

Is it true that a hacker would have to have physical access to a computer to install one?

Not necessarily. Theoretically it can be done remotely if the attacker gains root/admin access. Some manufacturers (or most) offer tools that you can use to upgrade your BIOS from within Windows. The attacker has to do the same thing.

What does that mean (inject code)?

Alter the original code.

With that being said, a BIOS rootkit is pretty sophisticated, and as long as malware authors have much easier options to infect your system (like kernel-mode drivers or MBR) I doubt you'll ever see one in the wild. The BIOS from one manufacturer differs from the others so a universal BIOS rootkit doesn't really exist.

[ZOU]

Thanks for the info.

It is a trip when the BIOS is involved. From what I have read, even if you format your drive with Dban and installed a new copy of Windows because your machine was so wasted, the Rootkit would still be there since it is in the BIOS. That would be a real mess.

Is it safe to assume that if someone got one that they would have to replace hardware, or are there less tedious methods for ridding it from the BIOS?

[bogdan]

Most motherboards offer ways to reset your BIOS either by using a jumper on your motherboard (look for something like BIOS or CMOS Reset in your motherboard's manual) or by unplugging the power cord and removing the battery from your motherboard for a longer period of time. This might do the trick, if not you'll need to replace the chip.

The last BIOS virus that I am aware of is CIH (Wikipedia link) - 1998. Back then the BIOS restoration feature was not available.

[Tweak]

PDF with BIOS Rootkit related information you might find interesting.

http://www.google.com/url?sa=t&source=w ... xA&cad=rjt

Fixed, just quickly snagged the Google url

[ieattacos]

Tweak the link is dead. You might want to look on wikipedia Gaku.

http://en.wikipedia.org/wiki/BIOS

[ZOU]

Thanks guys. This is proving to be very informative.

[Tweak]

Tweak the link is dead. You might want to look on wikipedia Gaku.

http://en.wikipedia.org/wiki/BIOS

Sorry, it works now and is a PDF with some interesting info provided by blackhat.com