
BIOS malware

(11 posts)
  • Started 5 years ago by BobJam
  • Latest reply from ScottW
  • Topic Viewed 5337 times

BobJam
Posts: 1052

Recent research suggests that rootkit malware can be designed to infect the flash memory of the BIOS and "live" in the BIOS, thereby surviving the "clean install" so many of us recommend as the "ultimate" and often the best solution for infestations. A clean install wouldn't remedy the infection . . . it would just come back again from the BIOS unless the BIOS was also flashed with a clean copy. Which means users would have to keep a clean copy of the BIOS handy and also know how to flash it.

At this stage it's only been demonstrated in controlled environments by security researchers, but the malware writers can't be too far behind and some think malware bums may be ready to release something into the wild in the next few weeks.

Don't want to sound like the-sky-is-falling Chicken Little, but this is not good news! If the malware creators find a way of injecting it into the BIOS of an infected machine there would have to be a complete rethink on the way that users are advised, and that in itself will be no mean feat either. We may have to go back to geek school to learn how to deal with this kind of nastiness.

If the malware writers have the ability to affect a computer's flash memory with a rootkit, the BIOS would need to be configured to disable writing to flash memory. BIOS password?

It's always a steep learning curve and the hill just got steeper!

Security expert articles on this can be found here and here.

BIOS password issues are discussed on Tom's Hardware here.

This injection is true for systems that are "open" and I quote from one article:

"Of course, injecting code into the BIOS is no easy feat. It requires physical access to the machine or an exploit that hands an attacker unfettered root access"

Unfettered root access = ability to make changes to the BIOS, aka: Flash BIOS

Some mainboards have jumpers to protect against erroneous flashing.

Other mainboards have a BIOS setup option called "Flash Bios Protection", "Firmware Write Protect", "Bios Guardian" or "BIOS-ROM Flash-Protect".

Whether via jumper or BIOS setting, they are generally enabled to protect you, though it doesn't hurt to check for yourself to make sure.

Posted 5 years ago
 
LH
Posts: 20002

Hey BobJam,
http://www.howtogeek.com/forum.....post-80139

Posted 5 years ago
 
raphoenix
Posts: 14920

@Bob,
Solution Found !!!!
EPROM Programmer
Think I have an old one in the "Junk Room" someplace from years ago.
Remember back when Customizing Bios became a Big "Fad" with Builders in the 1990s ????
Will try to find an old HowTo and Post.
Crank up the "old time" machine again. :) :)
Best Regards,
Rick P. :)

Posted 5 years ago
 
LH
Posts: 20002

Rick. Have done it (with removable proms). With surface mount flash proms, you would need a special clamp, to burn in situ. Don't know if they exist. Probably do, but I haven't looked.

Posted 5 years ago
 
raphoenix
Posts: 14920

@ LH and Bob,
You should enjoy this 2004 article I found.
BIOS used to be all socketed.
http://www.hardwaresecrets.com/article/39
Best Regards,
Rick P.

Posted 5 years ago
 
LH
Posts: 20002

Made me laugh. A 2nd motherboard needed, LOL

Posted 5 years ago
 
raphoenix
Posts: 14920

Yeah a bit far fetched in today's world BUT I remember the old days of Building when one always had a lot of duplicate spare parts to include MBs, Bios Chips, Memory Chips, CPUs, etc.., everything.
---
I don't hardly have any spare parts now so you saw what happened when just my mouse "crapped out" two weeks ago. (LOL)

Posted 5 years ago
 
LH
Posts: 20002

Yeah. But you didn't need to buy an M/B. Just an EPROM, or EEPROM. And you mostly used scavenged ones anyway.

Posted 5 years ago
 
raphoenix
Posts: 14920

@LH,

(LOL) Here is a trick I bet you remember.
---
1. Boot up Machine with Good Bios Chip.
2. Carefully Remove Bios Chip in Running Machine.
3. Carefully Replace with Duplicate Bad Bios Chip.
4. Run Flash Program and Fix Bad Bios Chip.
5. Carefully Remove Fixed Bios Chip in Running Machine.
6. Replace with Good Bios Chip Originally Removed from Machine.
7. Reboot.
---
Now you will have a Good Spare Second Bios Chip.
---
Taken From My Notes Written Sometime in 1990s.
Wonder how many Members remember doing this procedure ???? (LOL)
---
Best Regards,
Rick P. :)

Posted 5 years ago
 
LH
Posts: 20002

Don't know that one. I just used a UV lightbox. And a writer I built onto breadboard.

Posted 5 years ago
 
ScottW
Posts: 6609

As an old firmware developer, I have burned more EEPROMs than I care to remember. UV erase was before my time, but they did have a lightbox at work which I found to be an amusing curiosity.

My experience started with DIP chips which were always socketed. The workhorse PROM burner was always a DATA I/O -- solid, ugly boxes that were often broken and used the *most* primitive software. Soon after, they switched to surface mounted, NAND flash in a PLCC package. These were smaller and more delicate and were intended to be soldered down. Prototype boards were manufactured with, or retrofitted with, surface mount *sockets*. Wikipedia has a good picture of a PLCC package and the kind of socket it used. To get the chip out you needed an extractor. We had a flat, two-pronged, metal tool specially designed for this purpose. These tools were always being lost or stolen and, for a while, were worth their weight in gold. Finally I gave up using the special tool and figured out that the handle from a small binder clip was a perfect substitute if you pried up one corner first, and then the other.

Suffice it to say that me and the PROM burners have a lot of history.

Posted 5 years ago
 



Topic Closed

This topic has been closed to new replies.