From: FromTheRafters on 15 Jun 2010 18:16

"~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in message news:hv8kjo$msf$1(a)news.eternal-september.org...
>
> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
> news:hv8fbm$mdv$1(a)news.eternal-september.org...
>> He may not understand what including the term "viruses" has done to
>> your question. Can malware reside.... ? Yes.
>
> Semantics, perhaps?

Semantics are important to communication, not something to be dismissed out-of-hand when words don't appear to bolster your viewpoint.

Malware "infection" can refer to many things, but viruses have to "infect" as part of their spreading mode - that is to say that when the virus' host program (the BIOS code or option ROM code in this case) executes, "another copy" or "another host" of that malware is created.

>>> My question to you, FTR, is why do folk not discuss this in the
>>> relevant Usenet groups?
>>
>> Because it spreads fear, uncertainty, and doubt. Just because it is
>> *possible* to do, doesn't mean it is something that the average user
>> need worry about. The kind of folks that do need to worry about such
>> things are already aware of the flashable firmware vectors.
>
>
> Hmmm! No doubt you will review the response made by Peter Foldes.
>
> "Average users" are *not* reading groups such as this (IMO!)
>
> Thank you for agreeing (at long last!) FTR, that the BIOS *can* be
> infected!

At long last? I've been saying that all along. Where I disagree is when you suggest a user reflash the firmware because of a banking trojan. Just because it is possible, doesn't mean it is happening. Besides, if you read the article, it applies to non-signed BIOS firmware code.

> Perhaps you will suggest in what manner this might be achieved in
> practice? Would simply clicking on a link achieve same?

Same way as any other trojan with admin rights.

From: FromTheRafters on 15 Jun 2010 18:20

"~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in message news:hv8r6d$519$1(a)news.eternal-september.org...

> In real life, my pal from IBM has said that he HAS seen this!

Not a virus he hasn't.

....as for other modified BIOS malware, it would be interesting to hear of his experience. Did the malware have a name assigned to it?

From: gufus on 15 Jun 2010 18:45

Hello, FromTheRafters!
You wrote on Tue, 15 Jun 2010 18:16:56 -0400:

F> At long last? I've been saying that all along. Where I disagree is when
F> you suggest a user reflash the firmware because of a banking trojan.
F> Just because it is possible, doesn't mean it is happening. Besides, if

If I understand this thread correctly, the code has to be flashed to the BIOS /first/ via a floppy or CD? Or could the BIOS code be flashed via malware? I'm not too too sure.

--
With best regards, gufus. E-mail: stop.nospam.gbbsg(a)shaw.ca

From: Dustin Cook on 15 Jun 2010 19:08

stop.nospam.gbbsg(a)shaw.ca (gufus) wrote in news:1276616449(a)f77.n342.z1.fidonet.org:

> Hi Heather,
>
> Tuesday June 15 2010, Heather writes to FromTheRafters:
>
> >>> Firmware. In this paper we will show a generic method to
> >>> inject code into unsigned BIOS firmwares. This technique
> >>> will let us embed our own code into the BIOS firmware so
> >>> that it will get executed just before the loading of the
> >>> operating system. We will also demonstrate how having
>
> EZ-Disk's EZ-BIOS will do this quite easily, EZ-BIOS is a BIOS
> extension, which breaks the older IBM/AT CMOS's LBA 8.4gb HDD barrier.
> Any good programmer could write code like this, it writes code to the
> boot sector first, before the OS loads.

EZBIOS does *not* alter the BIOS present on the host computer. It installs its own modified mbr boot loader instead. Not really even the same critter... chalk it up to another one of those misnamed :)

--
A fanatic is one who can't change his mind and won't change the subject
-Winston Churchill

From: Dustin Cook on 15 Jun 2010 19:10

"~BD~" <.BoaterDave(a)hotmail.co.uk> wrote in news:hv89gk$9mf$1 @news.eternal-september.org:

> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
> news:hv7olu$5lh$1(a)news.eternal-september.org...
> %20and%20Alfredo.txt
>>
>> Is there a question?
>
> I've recently attended a boating rally. One of my fellow boaters is a
> 'guru' who works for IBM here in the UK. I asked him a simple question:-
>
> Can viruses/malware reside inside a computer somewhere other than on the
> hard disk?
>
> His immediate answer was ......... "Yes. In the BIOS".

You should have asked him to provide even one actual virus name of one that actually does that, then.

> My question to you, FTR, is why do folk not discuss this in the relevant
> Usenet groups?

For the most part, it's not much for discussion. BIOS isn't universal, one size doesn't fit all. In order to craft a virus to infect one, would be very specific to that one particular BIOS firmware. IE: not worth the hassle.

--
A fanatic is one who can't change his mind and won't change the subject
-Winston Churchill