From: ~BD~ on 15 Jun 2010 03:13

Over the years, a lot has been said about this topic. But, apart from the old Chernobyl virus, which just zeroed the BIOS if your motherboard was one of the supported ones, or some modifications with modding purposes (that were a very valuable source of data, btw) like Pinczakko's work, we wouldn't be able to find any public implementation of a working, generic and malicious BIOS infection.

Mostly, people tend to think that this is a very researched, old and already mitigated technique. It is sometimes even confused with the obsolete MBR viruses. But it is our intention to show that this kind of attack is possible and could be, with the appropriate OS detection and infection techniques, a very trustable and persistent rootkit residing just inside of the BIOS firmware.

In this paper we will show a generic method to inject code into unsigned BIOS firmwares. This technique will let us embed our own code into the BIOS firmware so that it will get executed just before the loading of the operating system. We will also demonstrate how having complete control of the hard drives allows us to leverage true persistency by deploying fully functional code directly into a Windows process or just by modifying sensitive OS data in a Linux box.

http://www.phrack.org/archives/66/p66_0x07_Persistent%20BIOS%20infection_by_aLS%20and%20Alfredo.txt

--
Dave BD