Malware researchers and malware programmers are in constant competition, the latter hunting for new ways to hide, the former sniffing out those methods. The BIOS, the basic firmware pre-installed on computer motherboards, is the perfect place to hide, but has been thought generally safe from intrusion.
A new piece of nasty known as Trojan.Mebromi has been found capable of re-flashing a computer’s motherboard BIOS in order to insert new code which, in turn, corrupts a computer’s master boot record. In doing so, this Trojan hides in a place where anti-virus programs can’t look and executes its payload in an environment where they don’t exist.
That’s not to say removing this threat would be impossible, but it is difficult, as pointed out by security researcher Marco Giuliani. “Developing an antivirus utility able to clean the BIOS code is a challenge, because it needs to be totally error-proof, to avoid rendering the system unbootable at all.”
There is some good news. The current incarnation of this malware can’t run if it isn’t given escalated privileges, so UAC should keep you safe if you use it. The Trojan also can’t infect computers running 64-bit operating systems. Finally, Award BIOS is the only target.
Mebromi is not the first malware to exploit the BIOS, but it is the first to be caught in the wild in over a decade. I wouldn’t worry about a rash of BIOS infections just yet, however. This malware targets a security flaw discovered in Award BIOS five years ago that was never used and apparently never patched. If the developers finally fix that flaw, the window of opportunity will be closed – for now, at least.