New Malware Hides from Antivirus in Your BIOS [News]


Malware researchers and malware programmers are in constant competition, the latter hunting for new ways to hide, the former sniffing out those methods. The BIOS, the basic firmware pre-installed on computer motherboards, is the perfect place to hide, but has been thought generally safe from intrusion.

A new piece of nasty known as Trojan.Mebromi has been found capable of re-flashing a computer’s motherboard BIOS in order to insert new code which, in turn, corrupts a computer’s master boot record. In doing so, this Trojan hides in a place where anti-virus programs can’t look and executes its payload in an environment where they don’t exist.

That’s not to say removing this threat would be impossible, but it is difficult, as pointed out by security researcher Marco Giuliani. “Developing an antivirus utility able to clean the BIOS code is a challenge, because it needs to be totally error-proof, to avoid rendering the system unbootable at all.”

There is some good news. The current incarnation of this malware can’t run if it isn’t given escalated privileges, so UAC should keep you safe if you use it. The Trojan also can’t infect computers running 64-bit operating systems. Finally, Award BIOS is the only target.

Mebromi is not the first malware to exploit the BIOS, but it is the first to be caught in the wild in over a decade. I wouldn’t worry about a rash of BIOS infections just yet, however. This malware targets a security flaw discovered in Award BIOS five years ago, but never used and apparently never patched. If the developers finally fix that flaw, the window of opportunity will be closed – for now, at least.

Source: Webroot Threat Blog, Symantec
