Slashdot Mirror


Rootkits Head for Your BIOS

Artem Tashkinov wrote to mention a SecurityFocus article which discusses a disturbing new threat to computer security: Rootkits that target a computer's BIOS. From the article: "One rootkit expert at the conference predicted that the technology will become a fundamental part of rootkits in the near future. 'It is going to be about one month before malware comes out to take advantage of this,' said Greg Hoglund, a rootkit expert and CEO of reverse engineering firm HBGary. 'This is so easy to do. You have widely available tools, free compilers for the ACPI language, and high-level languages to write the code in.'"

Update: 01/27 14:28 GMT by Z: John Heasman wrote with a link to the slide presentation on this topic given at the Black Hat Conference (pdf).

3 of 287 comments

  1. Re:Really? by Shanep · Score: 5, Informative

    Where are such tools? If I knew such things existed, I would have experimented in "bricking" some of my machines YEARS ago

    Well there is UNIFLASH with source code. Then there are the likes of CBROM and AMIBCP to modify BIOS images and remove and add/enable drivers, functionality and boot screen graphics. Here and here are good places for info and tools.

    --
    War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
  2. Re:Hoglund? by SilverspurG · Score: 5, Informative

    He's also the author of a well-known book on rootkits. It's a pretty good read. Maybe you should revise your ill-informed personal opinion.

    He doesn't just write rootkits. He teaches seminars on how to write them. He's not a blackhat any more than this guy. I guess that puts you on par with Oracle.

    --
    fast as fast can be. you'll never catch me.
  3. Re:Simple Solution by SilverspurG · Score: 4, Informative

    One of the reasons why BIOS is flashable is to help the manufacturers. Oftentimes they have the hardware but they don't have the code written yet. Take the Dell D800 laptops for example. When they first shipped, the external audio and S-video ports were nonfunctional because they hadn't written the software to put the wires together internally yet. It wasn't until rev. A13, maybe A14, of their BIOS that these ports were enabled. The D800 that I was privy to shipped with BIOS rev. A11.

    --
    fast as fast can be. you'll never catch me.