Argentinian security researchers Alfredo Ortega and Anibal Sacco from Core Security Technologies have created a proof of concept of a virus that injects persistent code into the BIOS of your computer. The scary part about this rootkit is that it can't be easily removed: you won't get rid of it by formatting your hard drive or flashing your BIOS.
ZD Net reports that the researchers demonstrated the code on three systems: one with Windows, another with OpenBSD, and a PC running VMware Player.
“It was very easy. We can put the code wherever we want,” said Ortega. “We’re not using a vulnerability in any way. I’m not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots.”
Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. But the methods are deadly effective and the pair are currently working on a BIOS rootkit to implement the attack.
“We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable anti-virus,” Ortega said.