
rootkits heading for bios


hazelnut


Yeah, I heard about this. Read something briefly about it, that ACPI has some scripting language (I never knew) and that it can script a rootkit. Sounds pretty scary.

 

Be afraid, be very afraid.


However, the ability to flash the memory depends on whether the motherboard allows the BIOS to be changed by default or if a jumper or setting in the machine setup program has to be changed.

I imagine this will probably become a motherboard standard pretty soon, if these BIOS rootkits really do take off.

Save a tree, eat a beaver.

Save a tree, wipe with an owl.

 

Every time a bell rings, a thread gets hijacked!

ding, ding!

 

Give Andavari lots of money and maybe even consider getting K a DVD-RW drive.

 

If it's not Scottish, IT'S CRAP!!!


So basically if you use *nix or Windows, it doesn't matter? That just sucks.

 

There could probably be viruses and worms going around on Windows that use this.

On *nix systems, however, it is different: it is much less prone to viruses and worms.

Now even if a virus or worm came out for it, it probably would not be able to write to the BIOS/ACPI unless the user was running as root, which he probably does not.

So you're much better off in terms of security with *nix.


I personally don't see what is stopping an antivirus writer from downloading a free hard disk eraser program like d-ban from sourceforge, changing a few scripts, making a silent executable with say (Win Rar?) that will run automatically at reboot and destroy all data on your drive.

 

Or making a "BIOS" update that really isn't and "flash" your motherboard with a series of attempts, trying all of the major vendors till it (usually) hits one that works and fries your PC.

 

I don't see what is stopping them from using a command to delete the whole C: tree on reboot.


Yeah, I suppose they can do much of that stuff. Deltree should be enough, they don't really need to use something like d-ban or eraser that securely erases data. Deltree will cause enough trouble for most users.

 

But I don't see why virus writers would want to ruin someone else's computer or data.

I can understand that maybe virus writers get a kick out of seeing how fast, how far and to how many their virus can spread, but there is nothing cool about destroying other people's computers and data.

 

I wouldn't ever write a virus, but if I did, it would not be an evil one; it would be one that doesn't delete anything, just pops up messages and jokes with the user. Example:

* "I got infected with a virus and it's your fault you retard!"

* "I got infected with a virus, why didn't you look out for me?"

* "Hi my name is Chewbacca, now you probably wonder how the hell I got into your computer..."

* (Eject CD/DVD tray), "I am hungry, please put some carrots into the DVD" or "I am hungry, please feed me."

etc


Yeah, well, I was just saying.... If it's possible, they will probably do it... Eventually...

---------------------------------------------------------------------------------------------------------

Is there a way to stop this potentially hazardous loophole to keep someone from making an undetectable silently executed automatic virus from slamming a machine? What if they made it always use different names + change how it works each time? How would antivirus vendors stop it, especially if they used the 4096 bit encryption?

---------------------------------------------------------------------------------------------------------

Peace

