I remember the Mebromi BIOS rootkit, which can infect the Award ROM BIOS manufactured by Phoenix Technologies by transferring a part of its code into the chip responsible for the first phases of the PC bootstrap.
Mebromi then infects the Master Boot Record of the hard disk (sector 0 of the disk, where the BIOS passes control of execution at the end of bootstrap), and finally runs a kernel rootkit in Windows to hide the infection from the operating system and antivirus.
Now, as you see, everything is based on deception: the corruption of DNS servers that redirect to malicious sites, or phishing/social engineering attacks!
No user or operating system is immune from these attacks...just common sense.