How Can We Protect our Computer with Free Security Solutions

Deleted member 178

bogdan said:
With most image backup solutions the MBR gets backed up as well and as long as your image is clean you can get rid of boot rootkits as well.

But this malware infects the BIOS, so it injects itself over and over into your newly restored MBR.

Known as Trojan.Mebromi, the rootkit reflashes the BIOS of computers it attacks to add malicious instructions that are executed early in a computer's boot-up sequence. The instructions, in turn, alter a computer's MBR, or master boot record, another system component that gets executed prior to the loading of the operating system of an infected machine. By corrupting the processes that run immediately after a PC starts, the malware stands a better chance of surviving attempts by antivirus programs to remove it.

http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/

...The BIOS is now infected, and the dropper goes to its next step: infecting the Master Boot Record...

http://blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/

Jack's thread on it at MalwareTips: http://malwaretips.com/Thread-Mebromi-BIOS-Virus-Out-in-the-Wild?highlight=mebromi
 

bogdan

Level 1
Jan 7, 2011
1,362
True. The solution could be resetting your BIOS before restoring the backup image of your HDD. Luckily such malware is rare.
 

Littlebits

Retired Staff
May 3, 2011
3,893
bogdan said:
True. The solution could be resetting your BIOS before restoring the backup image of your HDD. Luckily such malware is rare.

Most PC techs can reset your BIOS without any problems. On some motherboards, all you have to do is remove the BIOS battery for 3 minutes and replace it, and the BIOS will auto-restore to factory defaults, with the BIOS malware completely deleted.

Thanks. :D
 
Deleted member 178

Exactly what I said, annoying to do, especially on a laptop (because I have a laptop) ^^
 

Littlebits

Retired Staff
May 3, 2011
3,893
Some other things I forgot to add about BIOS malware.

It is extremely rare for a home system to get infected with one; here is why:

1. They only target businesses, corporations, government, military systems, etc. They don't target home systems; the possibility is really slim that a home system would get infected with BIOS malware. (Or if you are one of the malware collectors and like testing them, that could cause an accidental infection.)

2. Most modern motherboards have antivirus protection, sometimes not enabled by default for compatibility. It is usually listed in the security section of your motherboard's BIOS setup. How this works is it puts a block on writing to the BIOS, where the hard drive has no access to the BIOS. I have this option enabled on my system, but if you ever need to flash or update your BIOS, it will fail. You will have to disable this security feature to update or flash your BIOS. On some motherboard BIOSes, you may have problems with this security feature enabled. You might follow the advice of your BIOS setup before enabling it, if it is disabled by default.

Good day. :D
 

HeffeD

Level 1
Feb 28, 2011
1,690
bogdan said:
Luckily such malware is rare.

Rare enough to not even be considered a threat...

Any malware that flashes your BIOS would have to target an extremely small subset of hardware. Not enough of a return to be worth developing for malware authors. Can you imagine trying to write specific malware for each mobo/chipset configuration? :rolleyes:
 

bogdan

Level 1
Jan 7, 2011
1,362
The BIOS is not needed as much nowadays since the OS can talk to the hardware on its own, but it is still used during the boot process, and it is a little bit annoying that this not-so-crucial legacy stuff can host a dangerous infection. But yes, it is hard to write one because you have little space to work with and it requires deep knowledge. However, they are introducing the larger Extensible Firmware Interface (EFI) as a replacement for the old BIOS, and that could lead to new threats unless there are some built-in security features... I don't know.
 

malbky

Level 1
Jun 23, 2011
1,011
Nope pcjunklist, if the malware-coded UEFI BIOS is signed by a leaked certificate, or if a virus adds one more certificate to your list (it can be done; read the article on Secure Boot in Windows 8), then surely the malware BIOS can execute. As earth said, EFI brings in new possibilities.
 
