I'm aware firmware infections are impractical from a conventional viewpoint. I always wondered, though, about a simple infection with a script that could read a computer's hardware/firmware config, then transmit that particular system's config back somewhere, and the bad guy at the other end could modify code already written if he doesn't already have a database of prewritten code for generic configs, and in this way the actual infection could morph from bad to worse. That's why I can't understand how dismissive people who clean/write antimalware programs are about it. I don't know the technicals enough to understand that blog past the main point of it - proof of firmware backdoor - but I've seen well over a dozen in the past year where proof-of-concept exploits aren't just proven - granted, I'm taking this proof on faith since I don't understand the code - but actually published as open source. Am I just paranoid or hardheaded or both? And I'll donate the old laptop to BC if y'all want it.
Modifying the code is not a small task, as then the attacker will still have to account for the variety of firmware out there.
Not all proof-of-concept malware is successful as in-the-wild malware - for example, there is one BIOS infector out there (Mebromi), but it has plenty of signs and is easy to detect, which defeats the purpose of infecting the BIOS (to hide the malware and make it difficult to remove).
IMO, attackers using rootkits to hide their malicious payload are more effective in both cost and time than those trying to rip their way into firmware, which both lowers the chance of infection and the ability to hide.