Researchers Demonstrate Dangerous BIOS-level Malware Attack

Anibal Sacco and Alfredo Ortega, two Argentinean researchers from the security organization Core Security Technologies, have discovered a technique with which a 'Basic Input Output System' (BIOS)-level malware assault could be carried out. The malware is capable of surviving even when all content of the hard disk is deleted.

The researchers demonstrated the technique at the CanSecWest Conference held in Vancouver, Canada, during the 3rd week of March 2009. The researchers said that by injecting a tiny piece of malicious script into the BIOS, they could successfully compromise a system.

The script has proven very harmful on both the OpenBSD and Windows platforms, and also against a virtualized machine running under the VMware Player software. In all these cases, the malware infection returns whenever the PC is restarted. The researchers said that even after removing and putting back the computer's hard disk, the malware could not be eliminated from the machine.

Saying that it is possible to insert the code anywhere, Ortega states that although they have demonstrated a proof-of-concept, they are also developing a working rootkit to gain full control of an infected PC despite the reinstallation of the OS on the system. Ortega further said that it was possible to modify any software to plant a rootkit. He also claimed that they possessed a small piece of code with which they could disable or delete antivirus programs.

Ortega further says that an attacker with the rootkit could potentially infect a virtual system and carry out any malicious act - all below the OS kernel stage.

But the researchers revealed that the attack technique requires an already compromised system. That restricts the probability of the assault, but the biggest problem is that, once a system is compromised in this way, a defender is essentially unable to delete the attacker's code.

In 2006, John Heasman, a British researcher at Next-Generation Security Software (NGSS), also demonstrated how a 'Peripheral Component Interconnect' device could drop a rootkit on a Windows system. He showed how the BIOS' ACPI (Advanced Configuration and Power Interface) could be rearranged to include malevolent ACPI Machine Language.


» SPAMfighter News - 3/30/2009
