
bios virus?


2 replies to this topic

#1 somae

somae

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 24 January 2015 - 11:45 AM

I've been reading a debate over at the Dell computer forums (http://en.community.dell.com/support-forums/desktop/f/3514/t/19603395) in which people are claiming that the computers on their LANs were infected with BIOS viruses. One Dell forum spokesperson is vehemently denying that there is such a thing and says that the BIOS can be damaged but it can't be infected with a virus.

 

The people claiming they were infected are saying that the virus infects the BIOS and is able to boot the computer and that when they try to flash the BIOS, the virus reinserts itself.

 

I was wondering what the Bleeping Computer take on this is?

 

Thanks.


Edited by somae, 24 January 2015 - 11:47 AM.



 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:58 AM

Posted 24 January 2015 - 12:46 PM

Yes, BIOS malware exists.

 

In 2011, malware was detected that achieves persistence via reprogramming of the BIOS on systems with an Award BIOS.

 

Here is how it achieves persistence via the BIOS: if the infected disk is removed, and replaced with a new disk with a new installation of Windows, and the computer starts up, the malicious code in the BIOS will execute and check the MBR.

If the MBR is not infected, it will infect the MBR. Then the MBR executes and infects the brand new Windows installation.

 

http://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/

 

For your example of Dell computers, I don't know if there is malware targeting the Dell BIOS. But in theory it is possible.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
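Added example, not part of the original posts: since the persistence described above shows up as a rewritten MBR even on a freshly installed disk, a defender can compare the MBR bootstrap code against a known-good baseline. The function names, the 440-byte boot-code boundary chosen so the per-disk signature and partition table are excluded, and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440     # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR sector into the fields worth comparing."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means the slot is unused
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {
        # Hash only the code: disk signature and partition table
        # legitimately differ from one disk to the next.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": parts,
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True if the bootstrap code differs from the known-good baseline."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])


def make_sample(boot_code: bytes, disk_sig: bytes) -> bytes:
    """Build a constructed sample sector (placeholder bytes, not real boot code)."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = disk_sig
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07,
                                  b"\0" * 3, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)
```

Read the sector from trusted boot media rather than from the running system, and take the baseline from a clean install of the same OS version. A mismatch only flags the MBR stage; it does not inspect the BIOS flash itself.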


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:58 AM

Posted 24 January 2015 - 02:48 PM

And although BIOS viruses exist, they are rare and not generic...meaning it's vendor specific and cannot modify all types of BIOS.

Fortunately, as the below articles note, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. Malware writers would much rather target a large audience through social networking where they can use sophisticated but less technical means than a BIOS virus.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




