BIOS-based rootkits coming soon…



There have been a couple of stories out of the “Black Hat Federal” conference in the last couple of days. Brian Krebs at Security Fix gives a good overview. One of the more troubling notes is the possibility of creating a rootkit that can hide itself in a system's BIOS. Security Focus has some detail on this as well.


This reminds me of the “old days” of computer viruses, when you NEVER ran a scan from within the operating system, because boot sector viruses or other infected startup files could hide themselves from a running virus scan. I guess the simplest way to put the problem is this: ACPI is a feature that most BIOSes these days support. It includes a higher-level programming language, and if the ACPI BIOS is left writable, then someone COULD hide a “bootstrap” for a rootkit in the BIOS.

This “bootstrap” would then be able to download and install other, larger components to disk later. What's disturbing about this is that the rootkit itself would survive a drive reformat, or even a drive replacement. It would still lie in wait in the BIOS when running an alternative operating system or boot CD. It's unlikely (they say) that we will see an easily transmittable rootkit that does this; it would most likely be done as “an inside job”, where someone with physical access to the machine is able to load it. It's not reassuring, though. Admittedly, “physical access” to the machine is usually game over in a security context, because really and truly, if someone has physical access they can do whatever they please with the box.
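One defender-side check that follows from the above, added here as an example and not code from the original post or the conference talk: record hashes of the ACPI tables a known-good machine exposes, then re-hash them later and report any table that changed, appeared or vanished. It assumes Linux, where the kernel exports the tables under /sys/firmware/acpi/tables (root is usually needed to read them); the script name and baseline file name are hypothetical.

```python
# Added defender-side example, not code from the original post: hash the ACPI
# tables the firmware exposes and compare them against a known-good baseline.
# A rootkit bootstrap planted in the ACPI BIOS would show up as a changed DSDT
# or an extra SSDT. Re-check from a trusted boot CD, since a running rootkit
# can lie to checks made from inside the compromised OS.
import hashlib
import json
import os
import sys

ACPI_TABLE_DIR = "/sys/firmware/acpi/tables"  # Linux sysfs; root may be needed

def hash_acpi_tables(table_dir=ACPI_TABLE_DIR):
    """Return {table_name: {"size": bytes, "sha256": hex}} for each table file."""
    tables = {}
    for name in sorted(os.listdir(table_dir)):
        path = os.path.join(table_dir, name)
        if not os.path.isfile(path):
            continue  # skip subdirectories such as data/
        with open(path, "rb") as fh:
            blob = fh.read()
        tables[name] = {"size": len(blob), "sha256": hashlib.sha256(blob).hexdigest()}
    return tables

def diff_tables(baseline, current):
    """Return a list of findings (strings); an empty list means no change."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(f"missing table: {name}")
        elif name not in baseline:
            findings.append(f"new table: {name}")
        elif baseline[name]["sha256"] != current[name]["sha256"]:
            old, new = baseline[name]["size"], current[name]["size"]
            findings.append(f"modified table: {name} ({old} -> {new} bytes)")
    return findings

if __name__ == "__main__":  # usage: acpi_baseline.py [baseline.json]
    path = sys.argv[1] if len(sys.argv) > 1 else "acpi_baseline.json"
    now = hash_acpi_tables()
    if os.path.exists(path):
        with open(path) as fh:
            changes = diff_tables(json.load(fh), now)
        print("\n".join(changes) or "ACPI tables match baseline")
        sys.exit(1 if changes else 0)
    with open(path, "w") as fh:  # first run: record the known-good baseline
        json.dump(now, fh, indent=2)
```

A legitimate BIOS update or a hardware change will also alter the tables, so take a fresh baseline after those rather than treating every difference as an infection.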
