Mebromi BIOS Virus Out in the Wild

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
Softpedia said:
Security specialists have recently discovered a virus that makes its way into the BIOS, making it very hard to get rid of using current commercial anti-virus solutions.

The virus, called Mebromi, seems to be focused on Chinese users, especially AMI BIOS owners, but this doesn't mean that the rest of the world is safe, as this could represent a gate opener for hackers who want to make sure our computers remain under their control.

A full description of the way Mebromi functions was posted on the Webroot Threat Blog, giving us an insight on how this malicious element makes its way to the very core of a computer.

The BIOS rootkit, an MBR rootkit, a kernel mode rootkit, a PE file injector and a Trojan downloader are the elements encapsulated in this potentially destructive malware, which at the moment is unable to cause any damage to machines running 64-bit operating systems if the user privileges are limited.

The whole thing starts with a few files that try to access the kernel to load the virus's own kernel driver that will later generate the serious part of the infection.

After it successfully infects the BIOS using a file called Cbrom.exe, which is a legitimate tool developed by Phoenix Technologies designed to modify the Award/Phoenix system's ROM binaries, it moves to infecting the master boot record of the device.

The winlogon.exe or wininit.exe files are also corrupted and injected with code that will trigger the download of additional infections.


Read more

Webroot Threat Blog : Mebromi: the first BIOS rootkit in the wild
 
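The MBR stage of the infection chain described above is the one a defender can check cheaply: the first 512-byte sector of a disk has a fixed layout (bootstrap code in bytes 0..445, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510), so its bootstrap area can be hashed and compared against a baseline recorded on a known-clean system. The following script is an added example written for this thread; it is not code from Webroot, Symantec or Softpedia. It parses a raw MBR sector, hashes the bootstrap code, and reports deviations from a stored baseline; the sample sector and the baseline are constructed in-line for demonstration, and the function names (`parse_mbr`, `check_mbr`, `build_sample_mbr`, `read_mbr`) are this example's own.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
BOOTCODE_LEN = 446       # bootstrap code area: bytes 0..445
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
BOOT_SIG_OFF = 510       # two-byte boot signature, 0x55 0xAA on disk


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Parse a raw 512-byte MBR: boot signature, partition table, bootcode hash."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    sig = struct.unpack_from("<H", sector, BOOT_SIG_OFF)[0]
    parts: List[Partition] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 marks an unused entry
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return {
        "valid_signature": sig == 0xAA55,  # 0x55 0xAA read little-endian
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> List[str]:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings: List[str] = []
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from recorded baseline")
    if sum(1 for p in info["partitions"] if p.bootable) > 1:
        findings.append("more than one partition flagged active")
    return findings


def read_mbr(path: str) -> bytes:
    """Read the first sector from a disk image file or raw block device (needs privileges)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed 512-byte MBR for demonstration only; not taken from a real disk."""
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    # one active partition, type 0x07, starting at LBA 2048, 1 GiB of 512-byte sectors
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 2097152)
    struct.pack_into("<H", sector, BOOT_SIG_OFF, 0xAA55)
    return bytes(sector)


if __name__ == "__main__":
    # constructed "known-clean" boot code, hashed once to form the baseline
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 16)
    baseline = parse_mbr(clean)["bootcode_sha256"]
    print("clean sector:", check_mbr(clean, baseline) or "no findings")
    # constructed sector whose bootstrap area has been changed
    tampered = build_sample_mbr(b"\xeb\x3c\x90" + b"\x00" * 16)
    print("tampered sector:", check_mbr(tampered, baseline))
```

In practice the baseline hash is recorded right after installation (or from the vendor's boot code) and stored off the machine, since a rootkit that owns the MBR can also rewrite any file it finds locally; the check is then run from boot media or against an image, using `read_mbr` on the device or image path.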

Tom172

Level 1
Feb 11, 2011
1,009
Analysis of Trojan.Mebromi/Boot.Mebromi

There are more and more known viruses that infect the MBR (Master Boot Record). Symantec Security Response published a blog post last month to demonstrate this trend. However, we seldom confront one that infects the BIOS. One of them is the notorious CIH, which appeared in 1999, infected the computer BIOS and thus harmed a huge number of computers at that time. Recently, we met a new threat named Trojan.Mebromi that can add malicious components into the Award BIOS, which allows the threat to take control of the system even before the MBR.

http://www.symantec.com/connect/blogs/bios-threat-showing-again
 

Deleted member 178

Yes, bad and well-crafted malware. The first lesson is never to use an admin account without UAC at max.
 
