- Jan 24, 2011
Softpedia said: Security specialists have recently discovered a virus that makes its way into the BIOS, making it very hard to get rid of using current commercial anti-virus solutions.
The virus called Mebromi seems to be focused towards Chinese users, especially AMI BIOS owners, but this doesn't mean that the rest of the world is safe, as this could represent a gate opener for hackers who want to make sure our computers remain under their control.
A full description of the way Mebromi functions was posted on the Webroot Threat Blog, giving us an insight into how this malicious element makes its way to the very core of a computer.
The BIOS rootkit, an MBR rootkit, a kernel mode rootkit, a PE file injector and a Trojan downloader are the elements encapsulated in this potentially destructive malware, which at the moment is unable to cause any damage to machines running 64-bit operating systems if the user privileges are limited.
The whole thing starts with a few files that try to access the kernel to load the virus's own kernel driver that will later generate the serious part of the infection.
After it successfully infects the BIOS using a file called Cbrom.exe, which is a legitimate tool developed by Phoenix Technologies designed to modify the Award/Phoenix system's ROM binaries, it moves to infecting the master boot record of the device.
The winlogon.exe or wininit.exe files are also corrupted and injected with code that will generate the download of additional infections.
Read more: Webroot Threat Blog: Mebromi: the first BIOS rootkit in the wild
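The MBR stage of the chain described above is the part a defender can verify from inside the OS: an MBR rootkit replaces the 440 bytes of boot code while leaving the partition table intact so the machine still boots. The following Python check is an added example, not code from Softpedia or Webroot; the sample MBR bytes are constructed, and reading the real first sector (for example from \\.\PhysicalDrive0 on Windows, with administrator rights) is left to the caller.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, four partition entries and the 0x55AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        e = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        boot_flag, ptype = e[0], e[4]                    # byte 0: active flag, byte 4: type
        lba_start, sectors = struct.unpack_from("<II", e, 8)  # bytes 8..15: start LBA, length
        parts.append({"bootable": boot_flag == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": mbr[:440], "partitions": parts,
            "signature_ok": mbr[510:512] == b"\x55\xaa"}

def check_mbr(current: bytes, baseline_boot_hash: str, baseline_parts: list) -> list:
    """Compare a freshly read MBR against a known-good baseline taken from a clean machine.

    An MBR rootkit typically swaps the boot code but keeps the partition table, so the
    two are checked separately; a finding on boot code alone is the classic symptom."""
    info = parse_mbr(current)
    findings = []
    if not info["signature_ok"]:
        findings.append("invalid 0x55AA signature")
    if hashlib.sha256(info["boot_code"]).hexdigest() != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    if info["partitions"] != baseline_parts:
        findings.append("partition table differs from baseline")
    return findings

# Constructed sample MBRs (hypothetical data, not real malware): one active NTFS
# partition starting at LBA 2048, valid signature, and two different boot-code stubs.
def _make_mbr(boot_code: bytes) -> bytes:
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return boot_code.ljust(440, b"\x00") + b"\x00" * 6 + entry + b"\x00" * 48 + b"\x55\xaa"

GOOD_MBR = _make_mbr(b"\xfa\x33\xc0\x8e\xd0")   # constructed clean baseline
TAMPERED_MBR = _make_mbr(b"\xeb\xfe")            # same partition table, replaced boot code
BASELINE_HASH = hashlib.sha256(GOOD_MBR[:440]).hexdigest()
BASELINE_PARTS = parse_mbr(GOOD_MBR)["partitions"]

if __name__ == "__main__":
    print("clean:", check_mbr(GOOD_MBR, BASELINE_HASH, BASELINE_PARTS))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_HASH, BASELINE_PARTS))
```

The baseline hash and partition list should be recorded on a machine known to be clean and stored off-host, since anything kept on the infected disk can be rewritten by the same code that rewrites the MBR.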