BIOS based rootkits coming soon….



There have been a couple stories out of the “Blackhat federal” conference in the last couple days. Brian Krebs at the Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a systems BIOS. Security Focus has some detail on this as well.


This kind of reminds me of the “old days” of computer viruses where you NEVER did a scan from within the operating system because boot sector viruses, or other infected startup files could hide themselves from a running virus scan. I guess the simplest way to put the problem is this…. ACPI is a function that most BIOS’ these days support. It supports a higher level programming language and if the ACPI BIOS is left writable, then someone COULD hide a “bootstrap” for a rootkit in the BIOS.

This “bootstrap” would then be able to download and install other, larger components later to disc. What’s disturbing about this is that the rootkit itself would survive a drive reformat, or even drive replacement. It would still lay in wait in the BIOS when running an alternative operating system or boot cd. It’s unlikely (they say) that we might have an easily transmittable rootkit that does this, but would most likely be done as “an inside job” where someone with physical access to the machine is able to load this. It’s not reassuring though. Admittedly “pysicall access” to the machine is usually game over in a security context, because really and truly if someone has physical access they can do whatever they please with the box.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 6 - Secure your services This one is going to be tougher. Of what we've looked at so far this will probably take more work and learning than any of the others. The good news is, depending on your situation you may need to do less here. IF you have decided that your pc (or......
  • GMail security problem fixed Google's not had a great week it would appear (Sony's had worse... but that's another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that's been announced and fixed. Details on the bug are here, and a writeup is also here. Apparently......
  • Sony discs to be recalled It looks as though the uninstaller as claimed last night, does have more serious implications than the original rootkit, in Sony's continuing DRM nightmare. Basically, the uninstaller will allow any web page to run arbitrary code and or remotely control your pc. Which is sort of the holy grail of......
Blog Traffic Exchange Related Websites
  • Fishing Report: February 12, 2010 Striped Bass, Crab and Halibut A trip went out of Berkeley/Emeryville on Friday and brought back lots of rays and sharks, and one good sturgeon, but nothing like the 80-pounder that was caught here last week. More trips are scheduled for the weekend. The recent weather is expected to cause......
  • Prosper Repurchases A Loan Yesterday, I had one of those bitter sweet moments.  Sweet in that a loan I had been writing off in my mind as bad was repurchased by Prosper for the full principal balance.  Bitter, because I really believe I am helping people with these loans and yet someone would take......
  • Tennis Ball Machine Advantages If you are looking for ways for you to significantly improve your techniques in tennis, then one of the best things that you can possibly to do is to invest in a tennis machine or tennis ball machine. This is a truly ideal device for anyone that is interested in......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site