Bios rootkit in the wild (still rare)
RussJK
Posts: 2,359 Forumite
in Techie Stuff
http://blogs.norman.com/2011/malware-detection-team/mebromi-a-bios-flashing-trojan
The rootkit adds an extra check on POST to make sure the MBR is still infected, and reinfect it if necessary.
This one only works on computers with an Award BIOS.
We had the Win9x virus CIH in 1998, which had BIOS flashing as part of its destructive payload. CIH did not even try to program anything; it just wrote garbage to BIOS which caused machines to hang when attempting a reboot. Later, there has been research in the area of BIOS injections by a number of researchers, but this has been more or less proof-of-concept code.
Mebromi is a real malware. The dropper file installs the following files:
- bios.sys, which is the driver that handles BIOS flash IO.
- flash.dll, handles loading and unloading of the bios.sys service
- my.sys, a rootkit driver
- hook.rom, an uncompressed BIOS ISA module file containing the malicious code
- cbrom.exe, a legitimate BIOS combination utility
Comments
Norton have done a good writeup as well:
http://www.symantec.com/connect/blogs/bios-threat-showing-again
nice find russ....these people who write such stuff are tw*ts :mad:
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
