Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Google’s VirusTotal has New Tool Analyzing Firmware for Malware

Google's malware-hunting engine VirusTotal declared within one blog post that there was one fresh tool added to the engine which scanned for malware on computers' UEFI and BIOS firmware. While UEFI and BIOS bridged software and hardware, firmware told PCs the process of booting. In case malicious content existed within software or hardware, then even changing to a new hard drive would not eliminate it - the malware existed within any of the motherboard's chips.

Moreover, the initiative towards starting firmware's scanning followed new reports about some special types of malware striking certain computers' UEFI and BIOS - in particular incidents relating to Hacking Team and Lenovo. Mashable posted this, February 3, 2016.

Security investigators utilizing VirusTotal's scanning utility become capable of uploading malware. The utility tells if any anti-virus has spotted malicious software, in addition to providing more technical details. VirusTotal's latest tool labels firmware images as legitimate or suspicious.

The tool also extracts certificates carried within a firmware as also indicates if additional executable files exist in it. What's more VT's tool can extract portable executables (PEs) situated inside the firmware that harbor malevolent action.

Some PEs work on Windows OS, but become inactive inside firmware, a rather unwanted action, although at times it is legitimate. An instance illustrating this is when a PE exudes an anti-theft feature designed to make it persistent no matter whether the computer has been wiped clean.

Aside the above, VT's new tool extracts firmware code, when desired removes Personally Identifiable Information (PII) like passwords for WiFi connection, and then uploads it to VirusTotal typically through the homepage.

VirusTotal itself separates firmware files, analyzes all of them and then relates them to virus databases of each anti-virus product it supports. And suppose there is anything shady, it can be seen inside "File detail" tab having an orange or red icon.

In case the VT tool works, computer owners' worries can be lessened, although an online connection is required for using it. Researchers using the tool can upload firmware graphics that the former analyzes through extraction of executable code in which malicious content maybe lurking.

» SPAMfighter News - 2/9/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page