BIOS Rootkits

On to the link.

BIOS rootkits are a simple idea: don’t just put a backdoor in the operating system, modify the BIOS (or EFI, or OpenFirmware, or whatever it is those ancient Sun workstations run) so that it backdoors the operating system every time the computer starts up.

(A good example of a potential security hole most people wouldn’t even take into consideration.)

Any thoughts on how to defend against them, other than Coreboot (http://www.coreboot.org/Welcome_to_coreboot)?

Also, a follow-up note re: Berlin travel advice, worth copying here:

>> When you say have my bullshit detector on, do you mean mostly in terms of people trying to rip us off?

Yeah, and in general. Like for example, I spent a few nights at the EastSeven hostel. I found one morning that someone had gone through my stuff in my pants pocket during the night — while my pants were folded under my pillow. They didn’t take anything, since I guess I didn’t have enough cash easy to find. But some guy started asking me weird questions later, something to do with the US (conspiracy theories? stuff about the most recent election) and referenced my USB stick in the conversation… it was pretty clear he was a) responsible b) a criminal and c) fucked in the head.

https://www.securityweek.com/mcafee-discovers-new-bios-rootkit

“After MyBios (Mebromi) became the first malware to successfully infect the Award BIOS and survive a reboot to own the system, BIOS-based rootkits became the toast of the malware research community. That was in 2011, and now, months after the initial discovery, McAfee has found another BIOS-based rootkit – BIOSkit.

McAfee’s Arvind Gowda detailed the discovery on the company’s blog, the main attack starts with a DLL file that infects the Master Boot Record (MBR). It overwrites the original MBR and writes the file to be dropped (the downloader) in hidden sectors. After this, the DLL copies itself to the Recycle folder and deletes itself, Gowda explained.

The downloader is dropped and executed every time the system is started.[…]

Based on the discovery, McAfee expects to see more examples of BIOS-based rootkits in the future. While detecting and cleaning infections to the MBR isn’t hard for a security company, cleaning BIOS infections presents a separate challenge altogether. Should a security firm make an error in the infection removal process within the BIOS, they could turn an expensive system into a rather expensive brick.”
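The MBR stage described in the quote (overwritten boot code plus a file stashed in hidden sectors) can be checked from a disk image taken offline. The sketch below is an added example, not code from McAfee or SecurityWeek; the function names, the sample images and the reading of "hidden sectors" as the gap before the first partition are assumptions.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes):
    """Return (sha256 of the 446-byte boot code, [(type, start_lba, sectors)])."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):                      # four 16-byte partition entries
        off = 446 + 16 * i
        ptype = sector0[off + 4]
        start, count = struct.unpack_from("<II", sector0, off + 8)
        if ptype != 0:                      # type 0 = unused slot
            parts.append((ptype, start, count))
    return hashlib.sha256(sector0[:446]).hexdigest(), parts

def audit_image(image: bytes, baseline_sha256: str):
    """List findings for an image that starts at LBA 0."""
    findings = []
    digest, parts = parse_mbr(image[:SECTOR])
    if digest != baseline_sha256:
        findings.append("boot code differs from baseline")
    first = min((p[1] for p in parts), default=1)
    # Assumption: "hidden sectors" = the gap between the MBR and the first
    # partition. Boot loaders such as GRUB also store data there, so a hit
    # is a lead to investigate, not a verdict.
    for lba in range(1, first):
        if image[lba * SECTOR:(lba + 1) * SECTOR].strip(b"\x00"):
            findings.append(f"non-empty sector in pre-partition gap: LBA {lba}")
    return findings

def build_image(boot_code: bytes, gap_data: bytes = b"") -> bytes:
    """Constructed 24-sector test image: one partition starting at LBA 8."""
    img = bytearray(SECTOR * 24)
    img[:len(boot_code)] = boot_code
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 8, 16)
    img[510:512] = b"\x55\xaa"
    img[3 * SECTOR:3 * SECTOR + len(gap_data)] = gap_data
    return bytes(img)

CLEAN = build_image(b"\xfa\x33\xc0")                          # constructed
TAMPERED = build_image(b"\xeb\x3c\x90", b"constructed blob")  # constructed
BASELINE = parse_mbr(CLEAN[:SECTOR])[0]

if __name__ == "__main__":
    print(audit_image(CLEAN, BASELINE))
    print(audit_image(TAMPERED, BASELINE))
```

This only covers the disk side; it says nothing about the contents of the BIOS flash chip itself.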
