On Dec 25, 2009, at 10:39 PM, katan wrote:
Except in the BIOS. What I'm wondering is, if a BIOS virus can
intercept a BIOS update and re-infect the BIOS being updated.
Here's a scary story from Tom's Hardware...
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
"In many worst case scenarios, a hard drive wipe is the final solution
to ridding a system of an infection. But the absolute worst case
scenario is if a virus attacks the BIOS, making detection and cleaning
an incredible challenge."
"Anibal L. Sacco and Alfredo A. Ortega of Core Security Technologies
released a presentation detailing the exploit of this “persistent
BIOS infection.”
Through the use of a 100-line piece of code written in Python, a
rootkit could be flashed into the BIOS and be run completely
independent of the operating system."
"Flashing a system’s BIOS requires administrative control, but that
could first be obtained through a more ‘innocent’ virus that could
reside on the hard disk drive."
"You would need to reflash the Bios with a system that you know has
not been tampered with," he said. "But if the rootkit is sophisticated
enough it may be necessary to physically remove and replace the Bios
chip."
"There is defense against such an attack, however, as the researchers
say that a password or physical lock against BIOS flashes could block
the install of the rootkit."
If I may, let me point out that to flash the BIOS on a Mac you have to
shut down the computer, then start it up by holding down the start
button for several seconds until you hear a tone. I'm surprised that
PCs will let any random program flash their BIOS. On second thought,
I'm not surprised at all. So typical.
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************