iTnews
  • Home
  • News
  • Technology
  • Security

BIOS rootkit attacks China

By Dan Kaplan on Sep 16, 2011 7:23AM
BIOS rootkit attacks China

But attack scope is limited.

Researchers have discovered what is believed to be the first in-the-wild rootkit that targets BIOS, the built-in software responsible for booting up a computer and managing communication between the machine and its attached devices.

The discovery of Mebromi is notable not because any widespread infections are anticipated – the complexity of a successful attack on the motherboard is high – but because it appears to be the first malware written for the BIOS in at least four years.

The potent malware cocktail, consisting of a BIOS rootkit, an MBR (master boot record) rootkit, a kernel-mode rookit, a PE (portable executable) file infector and a trojan downloader, is designed to evade anti-virus detection.

Right now, the active attack exclusively is targeting Chinese users, Webroot researcher Marco Giuliani said.

The trojan dropper is designed to first infect Award BIOS, manufactured by Phoenix Technologies. Once the BIOS is infected, the malicious code compromises the master boot record, a small program initiated when a computer starts up.

Anti-virus technologies likely will struggle against the threat.

"Storing the malicious code inside the BIOS ROM [chip] could actually become more than just a problem for security software, [given] the fact that even if an anti-virus product [can] detect and clean the MBR (master boot record) infection, it will be restored at the next system start-up when the malicious BIOS payload would overwrite the MBR code again," Giuliani said.

"Developing an anti-virus utility able to clean the BIOS code is a challenge because it needs to be totally error-proof to avoid rendering the system unbootable at all."

Still, he doubts the threat will become far-reaching because the rootkit only works with one type of BIOS, likely because it is fashioned after the IceLord BIOS proof-of-concept from 2007, which also targeted Award.

"Although this kind of infection is potentially one of the most persistent infections known out there in the wild, it will hardly become a major threat because of the level of complexity needed to achieve the goal," Giuliani wrote.

The Chinese security firm Qihoo 360 first detected the attack, according to Webroot.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
biosmalwarembrresearchrootkitsecuritywebrootzeroday

Partner Content

Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Dan Kaplan
Sep 16 2011
7:23AM
0 Comments

Related Articles

  • Australian businesses lose $227 million to BEC-like scams
  • UTS to create secure research hub at Tech Central
  • Global police operation takes down Flubot infrastructure
  • VMware, F5, Log4j added to EnemyBot attack targets
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
Telstra deregisters 900MHz sites “hindering” Optus 5G rollout

Telstra deregisters 900MHz sites “hindering” Optus 5G rollout
ADHA extends Accenture's My Health Record support deal for $100m

ADHA extends Accenture's My Health Record support deal for $100m
Defence, DEWR drop $160m on Microsoft software, Azure

Defence, DEWR drop $160m on Microsoft software, Azure

Digital Nation

Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.