BIOS Vulnerable to Modern Malware Attacks
The 'Basic Input/Output System' (BIOS), the firmware a PC runs at boot-up, is increasingly targeted by malware, because attackers with administrative OS rights can effectively perform BIOS updates, or update the BIOS over the Internet, to load customized low-level firmware.
Recently, experts have shown how BIOS malware could be used to attack multiple operating systems and infect different kinds of motherboards. According to them, BIOS-based malicious software can spread not just across various OSs, but also across a range of hardware. These attacks are hard to identify and block.
Earlier, in March 2009, at the CanSecWest security conference in Vancouver, researchers Anibal Sacco and Alfredo Ortega of Core Security Technologies Inc. performed a general BIOS attack that could push malware inside various BIOS types, as reported by SearchSecurity on June 18, 2009.
A hacker who hijacked the BIOS in the above manner could gain complete control over the basic firmware irrespective of the OS.
Even if all browser, application and OS patches are in place, it is still possible to fully compromise computers at a very low level without exploiting any vulnerability. The BIOS malware has been used effectively on both OpenBSD and Windows platforms, as well as on virtual machines running under the VMware Player program.
Sacco and Ortega emphasized that carrying out the attacks requires either direct access to the target computer or root privileges on it, which restricts the scope. In any case, the techniques are extremely workable, and the two researchers are presently experimenting with a BIOS rootkit that might help to execute the attack.
Following the experiments by the Core researchers, John Heasman at Next Generation Security Software conducted further research on persistent rootkits and succeeded in creating a technique for planting them on computers using 'Peripheral Component Interconnect' (PCI) cards.
Previously, in 2007, Heasman demonstrated at Black Hat DC a fully functional technique for installing rootkits on a PCI card through the device's flashable ROM. He also showed how bogus stack pointers could be built by circumventing the Windows NT kernel.
» SPAMfighter News - 26-06-2009