Tuesday, September 13, 2011

The Return of the BIOS Trojan

The Chinese AV manufacturer 360 has discovered malware in the wild
that settles into the BIOS of the computer. There, it eludes the grasp
of traditional virus scanners. The malware, called Mebromi, checks at
the beginning of the infection whether the victim's computer uses an
Award BIOS. If so, it runs the command-line tool CBROM to latch its
extension into the BIOS. On the next boot, the BIOS extension places
further code in the master boot record (MBR) of the hard disk, which
infects the processes winlogon.exe and winnt.exe (Windows XP, Windows
2000 and 2003, respectively) before Windows boots.

After Windows starts, the malicious code loads a rootkit over the
network, which is meant to prevent the MBR of the disk from being
cleaned by a virus scanner. Should cleaning succeed anyway, the BIOS
module simply repeats the infection routine on the next boot. Mebromi
easily survives even a hard disk replacement. If the computer does not
use an Award BIOS, the malware contents itself with infecting the MBR.
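The re-infection behaviour described above leaves a recognisable trace: known MBR boot code that comes back after the disk was restored to a clean state. The following sketch is an added example, not part of the original post or any vendor tool; the function names and the sample sectors are constructed for illustration. It hashes the boot code of sector-0 images taken on successive boots and flags that pattern.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bootstrap code area of a classic MBR
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the used partition entries of an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def review_boots(baseline: str, sectors: list) -> list:
    """Compare one sector-0 image per boot against a known-good hash.

    Boot code that reappears after the MBR matched the baseline again
    suggests the disk is being rewritten from outside the disk itself.
    """
    findings, seen_bad, cleaned_since = [], set(), False
    for boot_no, sector in enumerate(sectors, 1):
        digest = parse_mbr(sector)["boot_code_sha256"]
        if digest == baseline:
            cleaned_since = bool(seen_bad)
            continue
        repeat = digest in seen_bad and cleaned_since
        findings.append((boot_no, "reappeared-after-clean" if repeat else "modified"))
        seen_bad.add(digest)
        cleaned_since = False
    return findings

def make_mbr(code: bytes) -> bytes:
    """Constructed sample sector: padded boot code plus one active NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    return code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    clean, altered = make_mbr(b"\xfa\x33\xc0"), make_mbr(b"\xeb\x5a\x90")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(review_boots(baseline, [clean, altered, clean, altered]))
```

The sector images are assumed to be captured offline from trusted boot media, since the post notes that the rootkit interferes with the MBR on the running system.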

The idea of embedding a malicious routine in the BIOS is not new, since
there the malware can run riot regardless of the virus scanner. As
early as 1999, the CIH virus tried to manipulate its host's BIOS.
However, its effect was purely destructive: the BIOS was overwritten
and the computer then no longer started. In 2009, security researchers
presented a scenario for anchoring a rootkit in the BIOS. So far,
however, no BIOS malware has achieved a breakthrough, probably because
there are simply too many different motherboards, and thus also
different ways to flash the BIOS.
