Trojan that Exclusively Attacks BIOS Discovered
Security researchers from 360 Security, an anti-virus company in China, have detected a malicious program that plants hostile code in the BIOS of targeted PCs. The Inquirer reported this in a news item dated September 13, 2011.
It may be mentioned that the BIOS, short for "Basic Input Output System", comprises a collection of fundamental commands for exchanging messages between the hardware and the operating system (OS); it is therefore an extremely important component for the PC's operation.
The code 360 Security detected has been dubbed BMW; other security firms, however, have named it Mebromi. The malware has separate components for the BIOS, the MBR (master boot record) and the OS.
Essentially, the Mebromi Trojan is used to harvest sensitive personal information, particularly passwords. It resides in an unusual location, because the BIOS is physically separate from the computer's hard drive. Because Mebromi sits inside the BIOS, it is hard to control.
According to 360 Security's researchers, the malware poses as a "plug-in game" and directs end-users to deactivate their anti-virus software. Once that is done, the malicious software infects the BIOS, the Windows operating system and the hard drive's MBR, and then downloads more malicious programs. The Mebromi Trojan targets only machines with an Award BIOS.
As a result, the MBR code and the BIOS hook retrieve the rootkit whenever the system is restarted. Eventually, malware is loaded into the winlogon.exe file on Windows Server 2003 and Windows XP, and into the wininit.exe file on Windows 7 and Vista.
Meanwhile, a Mebromi attack is possible only against BIOS ROMs. The Trojan examines the BIOS ROM whenever the computer is switched on. If it finds an Award BIOS that does not yet contain the malicious commands, Mebromi plants the malware by reflashing the motherboard's chip.
Security researchers stated that one common worm that targeted the BIOS, detected during 1999 as CIH or the Chernobyl worm, was used exclusively to destroy the BIOS.
Notably, motherboards are not the only devices whose firmware can be infected with malware. A few home routers have also come under Trojan attacks in the past and been added to botnets.
SPAMfighter News - 23-09-2011