Check out the aforementioned link. This new secuirty threat has been known for years, but not really prevalent due to some limiting factors, but I think we're coming upon a time where more is now possible. So far, researchers have only gone as far to say that Award bios chips are the only that are a vunerable. I believe the capabilities are already beyond one chip manufacturer existing "in the wild." Maybe not as a widespread problem to the mainstream (yet), but the topic has been awfully quiet between the AV industry/researchers and the talking radio heads/bloggers (Like Steve Gibson).
I do not know how long ago the paper before was written, but I would disagree with the statements that an attacker must physically access the victim computer, and furthermore, being able to aquire the relavent computer specs would be a challenge. Take file sharing for example. Although the moral of the example appears evident, there's no denying that an abundance of the non-technologically inclined population are dumber than my Space Bar key. An attacker not only has my ip address that I'm leeching files from, but he or she is also putting those files on my computer. Me (hypothetically speaking) being the ignorant cyber-pirate happy to receive my copy of illegal software thinks nothing of the sender or the received content. I simply unzip the file and notice a strange .info file along with the federal offensive material I sought to illegally acquire. Well, the .info file actually stored my computer specifications right down the the Bios version, but delivering the information back to the attacker hasn't happend just yet. Carelessly, I (the unintelligent cyber theif) install a package of files that I have no idea goes where, but all I know is that my five finger discount software will run! Well, now that software has Trojan type back doors and a dialer back to the attacker's proxy address that returns the results of that .info file...
Should the attacker have an established way back to the victim computer (via router firmware exploits, open ports, or simply already a permanent residence to my computer), then he or she can flash my bios via a delivered payload that begins the process of the above reading. I assert that the respective bios chip may not have to be the correct version or perhaps even the complete vendor. In the words of Gene Kranz, Flight Director of Apollo 13, "I don't give a damn about what it's built to do, I only care about what it can do." Alot of that what he said is in line with the thinking of hackers, programmers, and information security professionals. A computer with WinXP Service Pack 1 won't BSoD the computer... It will only give you more space to put other things than Servicepack 3. Moreover, just because an iPad was built for Apple's iOS doesn't mean that the hardware won't run Android (despite the fact they both operate under a Linux kernel).
Anyhow, back to our file sharing example... It is indeed possible to bypass the authors' mitigation advice today, but we might not see BIOSkits blow up as the 2012 dilemma of 2012 for three reasons I think. First, the capabilities have long been realized, but never really possible until recently in the past few years. Companies who recover Stolen laptops for businesses have used proprietary software that call home when hooked into the Internet, and it was capable of deployment to the HDD from the BIOS ROM/EEPROM. These businesses kept the knowledge under wraps to increase their ROI within the product life cycle, and I believe the few in the malware industry capable of deploying multiple forms of this malware are doing the same. This is probably why we haven't seen the wide spread "Windows 7 Anti-virus" that survives HDD reformats or its accompanying "How to" remove guide on Yahoo Answers. Secondly, the emerging UEFI systems may have the answer to this emerging threat, but I don't expect see the average user making the investment until after the damage is done to their computer. Lastly, and perhaps more troubling, is the silence regarding the topic from the mobo and AV industry. This is a really big problem for the AV industry in particular because any type of solution that checks and cleans the BIOS could yield as much negative result as the user implementing it themselves (I.e. a bricked Mobo). Mcafee recently went public with their findings of a BIOSkit sample that was a variant of the one found months before by the Chinese, but the other industry leaders have largely left the topic ignored. I think any acknowledgement from the AV industry as a whole will either be on the heels of a solution for this in their next product release, or a finger pointing festival at the mobo manufactures and/or OS manufactures.
Overall, I see this As a viable threat that could possibly be more prevalent in the wild than Recent publications have mentioned. It's great to speculate about now because this is something Norton, Mcafee, and Kaspersky really have no answer too, and if the malware industry had a place on Wall Street, then I'd be buying their stock right now. "HIDE YO KIDS! HIDE YO WIFE!"
Edited by Bit Monkey, 23 July 2012 - 10:44 PM.