Security researchers create persistent BIOS virus

Posted on Wednesday, March 25 2009 @ 1:06 CET by Thomas De Maesschalck
Argentinian security researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies have created a proof of concept of a virus that injects persistent code into the BIOS of your computer. The scary part about this rootkit is that it can't be easily removed: you won't get rid of it by formatting your hard drive or flashing your BIOS.

ZD Net reports that the researchers demonstrated the code on three systems: one running Windows, one running OpenBSD, and a PC running VMware Player.
“It was very easy. We can put the code wherever we want,” said Ortega. “We’re not using a vulnerability in any way. I’m not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots.”

Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. But the methods are deadly effective and the pair are currently working on a BIOS rootkit to implement the attack.

“We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus,” Ortega said.

