Infesting you with Virus News
 

News

Contributed by: Nono
Date: April 3, 2009
Nono
4
Vote
0

Web-based Applications Not Yet a Gateway to the BIOS chip, But Flash Drives certainly are!
 

virtual-reality.jpgResults released by Core Security Technologies researchers, Alfredo Ortego and Anibal Sacco revealed that it is possible to flash malicious code containing a rootkit onto the BIOS chip, making the rootkit almost impossible to remove. It is no longer necessary for users to first type command-line instructions after a DOS reboot in order to obtain a BIOS update from a diskette. Updates can now be loaded via flash tools that run under windows.

In most cases BIOS versions come complete with flash tools enable them to download updates from devices such as USB flash drives. This is a quicker and simpler method of updating you BIOS as compared to the old method. Such technologies are obviously a great convenience and offer a user more functionality with less hassles, but there is a catch.
chip.jpg
The catch is that as easy as it is to flash an update onto the BIOS chip, it is now just as easy to flash an infection onto the BIOS chip. The fact that there are certain types of tools that are also able to locate, read, manipulate, write or erase BIOS chips, does not make me feel any safer since cyber-criminals seem to working overtime these days.

All in all this means that not only can a hacker find a way to access the BIOS chip via DOS but also through a manipulated flash drives. A hacker just needs to install a malicious rootkit onto the flash then flash it onto the BIOS chip in practically the same way you would flash an update onto the chip. As proved by the Core Security Technologies researchers, once the BIOS chip has been infected with a sophisticated admin-level rootkit, repairing the damage is no easy task.

Referring to the above point, do the advantages of using flash tools exceed their disadvantages? is the ability to do a quick update worth losing your PC? At least, in the meantime, there is one thing standing in the way of opportunistic hackers and that is write-protection. Like i mentioned in my previous article most of today's BIOS have write-protect options set-up in their program and a few even come with password protection. So for now we are safe, but the question is for how long?

Resources:
Rootkits in a PC's BIOS
Command-line Interface
Admin-level BIOS Attack Withstands All Remedies

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: November 11, 2008
more videos

Software Downloads

SpyHunter V.4
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

Generic Dropper.p
July 31, 2010
http://farmclas .. m-chambers.htmlkim chambers, 132592, http://westland .. -templates.htmlcv templates,... more..
Generic Dropper.p
July 31, 2010
http://temple-b .. 6/fha-203k.htmlfha 203k, :(, http://uksoccer .. sy-grammar.htmleasy grammar, hbt,... more..
Generic Dropper.p
July 31, 2010
http://thedukes .. ncy-meyers.htmlnancy meyers, 8332, http://maillots .. /***-girl.html*** girl,... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Write For Us | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Malware > Web-based Applications Not Yet a Gateway to the BIOS chip, But Flash Drives certainly are!