Researchers Demo BIOS Attack That Survives Disk Wipes
suraj.sun writes "A pair of Argentinian researchers have found a way to perform a BIOS level malware attack capable of surviving even a hard-disk wipe.
Alfredo Ortega and Anibal Sacco from Core Security Technologies used the stage at last week's CanSecWest conference to demonstrate methods (PDF) for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts. The technique includes patching the BIOS with a small bit of code that gave them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player."
Tsarkon Reports Obama bent on bankrupting USA
Barack is hell bent on bankrupting the USA once and for all; read everything below and you might finally begin to understand.
- Chairman Barack Hussein "The Teleprompter" Obama is deeply connected to corruption, Rahm Emanuel (Radical authoritarian Statist-Zionist whose father was part of the Murderous Civilian Killing Israeli Terrorist Organization known as IRGUN), Connected to Rod Blagojevich (Rahm inherited Rod's federal-congress seat), Connected to Ayers, a man who promotes the concept that civilian collateral damage is ok in a war against freedom, Preacher Jeremiah Wright, who is himself a black-elitist who wants all the people who largely "pay the freight" to suffer, 31 million on food stamps, more blacks are in prison and on food-stamps per capita than anyone else. The problem with Wright is simply this: the facts are "racist."
- Obama: Racist, AIPAC-Zionist, Corrupted and a Traitor and a Liar who can't even produce a valid birth certificate (which is not a certificate of live birth)
- Raytheon lobbyist in Pentagon
- Goldman Sachs insider second in command at Treasury.
- Cabinet has had several nominees and appointees with multiple tax fraud issues.
- The head of the IRS and the head of the Treasury, Geithner, is a Tax Cheat
- Lied about no lobbyists
- Lied about having a new degree of accountability and a SUNSHINE period of new laws, he has signed bills with little or no review at whitehouse.gov as promised.
- Appointed a second amendment violating Rich-pardoning treasonist Eric Holder as AG, the top cop of the USA, a man who helped a fugitive evade justice.
- Has not put a dime in for a single new nuclear power plant but wants to help bridges and roads to promote more driving.
- Obama, Blagojevich and Rahm Emanuel have a LOT to hide. They literally lived next to each other, Rahm had (until being Chairman Obama's Chief of staff) Blagojevich's old federal congressional seat. Blagojevich helped Chairman "The Teleprompter" Obama cheat his way to the Illinois senate by getting other candidates thrown off the ballot in Illinois. Why do you think Blagojevich was so mad? Obama DID owe him, big time. Rahm and Obama are using Blagojevich and trying to cut his head off to keep him away.
- Tony Rezko, Iraqi Arms Dealer Nahdmi Auchi, and of course Aiham Alsammarae. Chairman "The Teleprompter" Hussein Obama is so corrupted it's a joke.
- Fools and "useful idiots" twist the pie charts by leaving welfare, workfare, interest on debt, social security, Medicare and Medicaid out and focusing only on non-whole "discretionary" pie charts.
2007 high level pie chart, Federal Budget, USA
2009 Pie chart, detailed, Federal Budget, USA
- Chairman Obama is drastically increasing spending and creating more entitlements that will make the US less competitive (especially against China, India, East Europe/Russia). This will be a huge disaster and change you can believe in will strap you and your grandkids with more debt. No taxation without representation? Obama is spending money for the next two-three generations and they can't even vote yet, or even have been born.
- An alternative to the dollar and a forex and a reserve currency came up at the last G20 meeting. The world will not take faith in Obama's liar-socialist spending and welfare state, why should the taxpayers (plebian citizen-slaves of a police state).
- The spending going on now vastly eclipses all previous spending. In fact, the massive trillion plus debts are a thing of the 80's onwards. Congress signs the checks, remember that. Year after year, as egregious as the pentagon spending is, the social spending is completely a waste of money and it is unfunded over the long term. Eisenhower built the interstates, the US could build a new power infrastructure with this money but instead is be
Last I checked, the BIOS lives in a chip, not the HDD. Thus the magic diskless booting. How is this news?
there are 2 kinds of people. those who divide people into 2 kinds, and those who don't.
It's official - we're screwed.
Would this affect only Intel, or is this entirely unrelated to this previous article?
http://it.slashdot.org/article.pl?sid=09/03/19/179228
Some people are only alive because it's against the law for me to hunt them down and kill them.
preinstalled, on ASUS boards: it was the BIOS itself. It too survived hard disk wipes, but it didn't survive my sledgehammer.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope."
Hmm, I'd say you are pretty much pwned in that case even before the attacker infects the BIOS.
If BIOSes, CPUs, and other low-level software had factory-reset pins that could not be bypassed through patching, we wouldn't have these problems.
If the pin is set during POST, the CPU, BIOS, or whatever would reset itself to factory conditions. The device would be configured so the factory-reset sequence could not be tampered with through software updates alone.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Of course you can infect a BIOS. It has drawbacks, however. One is very limited space. A second one is that BIOSes flash differently on different mainboards. Maybe not too differently, which would be a real problem. Hopefully, there is not enough space in the average BIOS for self-replication (which would need exploit code and flasher code at least).
The fact that this is possible is mildly entertaining, nothing revolutionary. Would have been possible (and obviously possible) with the first Flash BIOSes around.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What were the editors thinking of when they wrote "perform unveil"?
If the BIOS were not hackable, replacing the drive and resetting the boot sequence, BIOS password, and other settings would be sufficient to re-own your machine.
Of course, if your BIOS password were changed, you'd be out of luck, but at least you'd know it.
So, you patch in some code into the BIOS. Would you be overwriting some functionality to accomplish this? If so, by checking said functionality, could you tell if your BIOS has been corrupted? Such as something simple as seeing if some keyboard functionality still exists (CTRL-ALT-something) or a utility program that iterates through BIOS interrupts and sees if the proper return codes and values come back in the registers?
Good thing I have EFI instead.
Wait, you want me to open a PDF from folks who know how to create such a supervirus? Hmm.
Is this a news report or a trailer for a motion picture?
A quick Google shows BIOS malware going back some time, so I don't know what's so different about this one...
Need an ISP in South Africa?
So what's the only way to be sure?
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
Isn't there some sort of Open Source BIOS initiative out there? I wonder if it too is affected by this exploit.
It would seem that this is a pretty major exploit if it can be pulled off remotely against the different flavors of BIOS. I mean, unlike a thumb drive, you couldn't simply add a little write lock button on the motherboard to lock the bios into read only mode, could you? The BIOS reads a lot of values from the system as it is booting and after the OS is loaded, so I can't see how you could simply lock down the BIOS to prevent unauthorized writes to it.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
I am looking for when an exploit is installed using electromagnetic induction, not just reading the bits remotely but modifying them.
I can see it now. Everybody's computer will come preinstalled with a Faraday cage.
Looks like instead of whack-a-mole we are playing whack-a-hole.
I regret that I only have one mod point to give per post.
Since the BIOS information is stored in Flash memory and not the hard drive, it's rather obvious that a BIOS level attack survives a hard disk wipe.
Neither article even mentions hard drives, so I'm wondering why the author felt the need to editorialise. I guess it's to be expected with Slashdot.
"The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player." If it's an attack on the BIOS, why would it be dependent on the OS?
Shouldn't the virtual BIOS be just a file on the host which you can simply set to read-only to disallow writing?
I was with the summary until that last part... A Windows machine, I can accept that. An OpenBSD machine, I can accept that too. But another machine running VMware Player? That's not an OS, so I don't even know what they were trying to say.
Overclockers
...because Ninnle Linux has adaptive protection against such things.
Not only do you need root or physical access, you also need the victim to be using a particular type of BIOS. While you could abstract this up to a module, so that it nailed all Phoenix BIOSes, or all Award BIOSes, you'd still need semi-specific payloads for each BIOS OEM. Also, you'd need the target to be using a mainstream commercial BIOS, not UEFI, OpenFirmware, or anything similar.
UEFI will be here and widespread very soon (it's in some machines already, and more every day), and the only real power this 'new' malware has is the persistence/difficulty in removal.
Not impressed.
The preceding comment is my own, and in no way construes an opinion of the Emperor of Mankind.
And here I thought that all the virus writers were just wimps using XSS and Word macros to run generic malware. I wondered where the old school BIOS viruses had gone.
Check out my sysadmin blog!
So I came home from work the other day to discover my cat mittens laying on the floor. His breathing was very shallow and his eyes were very glassy. When I approached him I noticed a belt tied around his arm and both a syringe and a bent spoon laying beside him. Despite all his promises to the contrary, my beloved Mittens has started shooting up smack again!
Fortunately the paramedics showed up quickly and gave him some naloxone which saved him. Unfortunately the problem of my cat being addicted to heroin still remains. Last week he sold my stereo and this weekend Mittens offered to perform oral sex on me in exchange for a hit.
I love my cat and want to see him off this horrible drug. Unfortunately he won't stop on his own! Mittens says he can quit anytime he wants to and becomes combative when I force the issue. I'm tired of seeing him throw his life away. He could've been a great mouser, one of the best before he got hooked.
Can anyone recommend a way to get my cat off heroin? It would be much appreciated.
Also, this must be said; I don't want to fuck my poor cat Mittens. I love him dearly. IF he offered oral sex for a hit, I would never compromise the sanctity and trust of our brotherly (non gay, non sexual) relationship! I thank you all for your genuine concern for the safety of my genitals with regard to animal contact with sandpapery cat tongues, I assure you that fornicating with animals is not on the repertoire!
Please, if you know how to help poor Mittens get off the smack, please, for the love of god help. It's Mittens' darkest time, and I don't want this to turn out like that beefy rugby guy who died on junk in Trainspotting. I don't want me or Mittens to swim in toilets either. Please, help!!
So, on what base should I trust Asus or somebody to give me a 'clean' bios? When I look at some mainboards with strange additional functionality, I wonder when they will start packing adware onto the chip.
Is there a usable open-source bios alternative available? I've heard about something (and forgot the name) but am not sure whether this can replace my current bios now or is intended for some 'future use'.
You mean, like the BIOS-induced "Flash Write Protect" option in virtually every single BIOS ever made in the last ten years or so?
On April 26, 1999, I turned on my computer, and it met me with a black screen. Turned out that my BIOS was flashed because of this virus: http://en.wikipedia.org/wiki/Chernobyl_virus . Had to re-flash the BIOS. Obviously the BIOS could have been loaded with something else rather than simply erased.
LiFe iS bEAuTiFul
I thought since that really nasty virus that would brick PCs by writing to BIOSes, every mobo maker put in write protection that, if enabled, would halt the system when something tried to write to the BIOS.
Wouldn't this prevent this kind of attack?
I'm always stunned to read about "researchers" discovering and demonstrating attacks and security flaws that not only have long existed in the wild but that are in fact very commonly found on computers. This particular one hit me years ago and I've since seen it all over the place. Similarly, there's a great hoohah about the supposedly innovative confickers worming around the web. Reading through the reports you wouldn't know the same techniques have been common (with more effort made at cross-platform and hardware-level exploitation) for at least four or five years. I just wonder how often these people look at actual systems to see whether they're compromised, as opposed to assuming they're okay. When I look at people's computers, they're essentially always polluted. The questions are only how bad and by whom.
Let me get this straight:
It pretty much requires physical access and root. If a malicious person gets that sort of access, I'm screwed anyway.
Ok, so I'm not too worried about anyone installing this on my computer without my knowledge.
What I am interested in is the sort of equipment-tracking possibilities this creates. If I could install a tracking rootkit on a laptop which could silently persist and survive disk wipes and ROM flashes, automatically reporting in whenever it gets net access, it would be a huge advantage if the machine were ever stolen. An OS reinstall is likely, because it's a simple way to circumvent the user account password, but this would even protect against a BIOS flash (which is less likely, but still not out of the question).
Eventually, somebody somewhere would hook the laptop up to the web, probably with a completely fresh OS install, and a subpoena on the IP would reveal their location.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Why the heck not? They used to be the standard. But, people found it ANNOYING. So, it's a much touted feature that the modern BIOS can be rewritten by anybody, without direct access to the machine. My first flashable BIOS, you had to make a boot disk with the new BIOS image, and flashing tool. Then you had to turn the PC off and open the case. Then you had to short the "Write BIOS" jumper. Put the jumper from "OFF" to "ON" for 3+ seconds, then move it back onto the "OFF" pegs. This made it so that the BIOS will accept writes on the next reboot only. You cannot leave the jumper on the "ON" pegs or it won't post, thus preventing you from forgetting about it and leaving the BIOS writable.
Anyways, my new board has two BIOS chips. One is read only I think. There's allegedly a jumper I can set to make it bypass the primary BIOS. It's for recovering from an interrupted or bad patch, but I imagine it would work just fine for removing a BIOS virus, too. (I say allegedly because I've never had cause to look for it).
An Open Source BIOS would not be immune to this, at least, depending on how it works. It patches its own code in. Now, that means on an Open Source BIOS, it could work fine, either because the same code is in the same spot, or because the virus looks for the right spot instead of always writing the same address. Or it could completely trash the BIOS. Either way you're screwed! There's also possibility #3 that it would patch over unused blocks and have no effect, or it would be unable to find the right spot to patch, and so do nothing.
ASCII stupid question, get a stupid ANSI
love egg troll
Controls the everything about the machine...
Every flash upgradeable BIOS needs a monitor program to upgrade the BIOS itself. Typically that monitor program resides in a separate block in flash and is rarely updated (depending on the programmers, of course!). Putting this monitor program in ROM would allow you to solve this and always allow you to update the BIOS.
A picture is worth exactly 1024 words.
I boot without a bios - by toggling in raw machine code from the front panel switches!
This issue is a bit more complicated than you think.
You're being watched . . .
I know it was you, Alfredo. You broke my heart!
The "backup copy" could be nothing more than a bootstrap loader that re-loads and validates the a fresh copy of the "working" BIOS from a known location, such as a hard drive, USB stick, or network.
Even with large flashes, this "backup BIOS" shouldn't take up much space.
2 questions. 1: Removing the CMOS chip doesn't work? 2: Dual motherboards? I'm just wondering b/c I have #2, and I will resort to #1 if I get infected by a BIOS virus.
My fear is that it's possible to get the bios directly from the factory in China pre-loaded with a virus 'back-door'. I doubt the Chinese have any use for MY computer, but I'm pretty sure nearly all the PCs in the US government and military come from China, and I suspect the Chinese may have an interest in them.
Would this attack work with a liveCD with the payload? :\ If so... couldn't this be potentially dangerous? Since you could easily and stealthily infect a lot of computers, granted you'll need physical access to a USB port/CD/DVD drive...
Just put a flash jumper on the motherboard that must be set to be able to flash the BIOS. Seems to completely solve the problem.
The fact that this was allowed to happen is clearly a defect in design, materials, or workmanship.
they develop a method that survives a bout with a chip puller.
lose != loose
i'm still trying to figure out what the creepy japanese girl with the long hair was doing the whole time
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No. You can't. The BIOS is the first thing that is run at cold boot time. If it is already infected then you can attempt to ensure that it remains infected. If it is not infected, your code doesn't exist in the BIOS to "reinfect" it. During a warm boot (aka reboot) the code remains resident so, again, it is already infected, making it impossible to "re-infect". Nice hyperbole though.
And I have a penis, which makes it rather limiting when I visit the Gynecologist.
... Wind^H^H^H^H err... ahhh... no. I listed all the well known ones I guess.
News flash: If one has proximity, anything is possible. If I have unfettered access to a machine then I can ensure that I can continue to have that access. No shit. Write up something worth reading when you can obtain the access sans my permission in the first place, or at least don't try to claim that it is a threat to *BSDs, Linux, OS X, and other secure Operating Systems. I know I'm missing one
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
AMD has contributed to Coreboot support on their boards for about 2 years now. (According to the news posts at least.)
It all depends on the BIOS of the machine, which is not supposed to be accessible while the OS is running. Some of the newer ones might be, but in the early 2000s we saw some machines coming out with a BIOS that was not reachable by the OS; only when you booted from disk could you do a firmware upgrade. I blame the community for pushing to have everything "easy"... is it not easier to be able to update the BIOS from inside the OS? I say no, it is not a task you should be doing so easily anyway. Flashing a BIOS is a last measure, and updating the BIOS (especially if you can easily brick a computer) is not something to be done often.
So what's the only way to be sure?
Nuke it from space, it's the only way to be sure.
"capable of surviving even a hard-disk wipe."
The BIOS isn't stored on the hard drive, so why is this surprising?
Coder's Stone: The programming language quick ref for iPad
Well, given that the BIOS is not flashable to clean the infection, to any person of average or less than average computer skill this will mean that the infected computer with this bogus BIOS will be rooted until someone goes into the BIOS code and does what the attacker had done, which is to "Patch and compensate the 8 bit check sum", to restore the BIOS to the uninfected state. This will be wonderful for PC companies, as they will sell new PCs to replace infected ones =) . (ALL YOUR BIOS BELONG TO US!)
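The two comments above raise the same question from opposite ends: can a simple functional or checksum test tell you whether the BIOS was tampered with, and why does "compensating the 8-bit checksum" defeat it? The script below is an added example, not code from the paper or from any vendor. It builds a constructed option-ROM-shaped image (the standard layout: 0x55 0xAA signature, length in 512-byte units at offset 2, and all bytes summing to zero mod 256), shows that the 8-bit sum is blind to a compensated patch, and contrasts it with the check a defender can actually rely on: comparing the digest of the dumped image against a known-good (golden) vendor image. All image contents and offsets are constructed sample data.

```python
"""8-bit ROM checksum vs. golden-image digest comparison (added example).

The checksum rule here is the real option-ROM convention (all bytes sum to
zero modulo 256); the image bytes themselves are constructed sample data.
"""
import hashlib
import hmac

# Constructed stand-in for real firmware code.
SAMPLE_BODY = bytes(range(0x20, 0x80))


def build_rom(size_blocks: int, body: bytes) -> bytearray:
    """Build an option-ROM-shaped image whose last byte is a fix-up so the
    whole image sums to zero modulo 256."""
    rom = bytearray(size_blocks * 512)
    rom[0:2] = b"\x55\xaa"          # option ROM signature
    rom[2] = size_blocks            # length in 512-byte units
    rom[3:3 + len(body)] = body     # "code"
    rom[-1] = (-sum(rom[:-1])) & 0xFF
    return rom


def checksum_ok(rom: bytes) -> bool:
    """The 8-bit check a BIOS performs before running an option ROM."""
    return sum(rom) & 0xFF == 0


def tamper(rom: bytes, offset: int, new_code: bytes) -> bytearray:
    """Simulate a tampered image: overwrite bytes and rebalance the spare
    fix-up byte. This exists only to show the detector's blind spot: an
    8-bit sum is a transport-error check, not an integrity control, since
    any change can be cancelled by adjusting one other byte."""
    out = bytearray(rom)
    out[offset:offset + len(new_code)] = new_code
    out[-1] = (-sum(out[:-1])) & 0xFF
    return out


def sha256_hex(rom: bytes) -> str:
    return hashlib.sha256(bytes(rom)).hexdigest()


def matches_golden(rom: bytes, golden_sha256: str) -> bool:
    """Defender's check: compare the dumped image's digest with the digest
    of the vendor's known-good image (constant-time comparison)."""
    return hmac.compare_digest(sha256_hex(rom), golden_sha256)


if __name__ == "__main__":
    clean = build_rom(4, SAMPLE_BODY)
    golden = sha256_hex(clean)
    bad = tamper(clean, 0x100, b"\xcc" * 16)   # constructed patch bytes
    print("clean checksum ok:", checksum_ok(clean))
    print("tampered checksum ok:", checksum_ok(bad))          # still True
    print("tampered matches golden:", matches_golden(bad, golden))  # False
```

In practice the "golden" digest comes from the vendor's published image (or a dump taken from a known-clean board), and the dump to compare against it should be read with an external programmer or from a boot medium, not through an OS-level tool running on the suspect machine.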
If it's got Tits or Tires, it's gonna give you problems.
Guess they'll have to add Flashable Chips to that saying....
WTF? Over?
Rumor says this is exactly how the FBI's Magic Lantern and the german Bundestrojan works (these are government-run secret network communication interception software tools unlawfully used on the people in the name of war on terror).
Hopefully the new info will allow common people to catch in-BIOS samples of the Magic Lantern and give ACLU a field day in the court of law.
Fight the Future! Down with the secret UN World Government, its black helicopters and extraterrestrial allies and the wicked Illuminati who run the whole cabal hell-bent on exterminating 4,5 billion out of the world's 6,5 billion human inhabitants!
...that is scheduled for inclusion in Conficker.D
Every single BIOS made in the last ten years? Seriously? Every, single one?
I have 3 popular motherboards that do not have that option listed anywhere in the BIOS screens or the Motherboard Manual.
Asus Rampage X58
DFI Lan Party X38
Biostar GeForce 6100-M9
Okay, every *sensible* BIOS in any half-decent board. Seriously, the option is in Award, Phoenix, etc., all the major BIOSes in all the major-name computers I've ever seen. I think I saw a laptop without it once, and one PC that was some bodged-together thing from Japan under a company I'd never heard of.
I don't understand why they don't create a basic BIOS which can be restored into EPROM by setting a jumper, then you flash a clean up-to-date version of the BIOS. Short of actual physical access a malware writer could not permanently infect your system.
And I was wondering what would be Conficker's next trick...
I boot without a bios - by toggling in raw machine code from the front panel switches!
Well, I boot my computer using only punch cards. And I punch the holes in them myself, from memory! With a twig!!
Meh I've been dreading the resurgence of this kind of crap for years. The whole modern PC is just a wreck of vulnerable / flaky / malfunctioning [even BEFORE someone else besides the system vendor breaks it] firmware. Motherboard BIOS, hard disk BIOS, GPU BIOS, ethernet BIOS, RAID BIOS, etc.
My system BIOS locks up depending on what USB devices I have attached and what state my KVM switch is in. The system doesn't sleep/wake properly due to BIOS bugs. When the system does wake from sleep, virtual machine extensions are broken due to a BIOS bug. Sometimes it'll lock up for lots of other various "external" and internal configuration based reasons. No fix is forthcoming after years. My network BIOS doesn't network boot reliably / properly. My RAID BIOS hangs the machine if certain drives are attached. My crappy ATI GPU BIOS doesn't run the GPU clock speed or fan speed at proper levels and there is NO solution in the GPU driver, only reflashing the BIOS could help (probably voiding my 'lifetime' warranty), and the OEM doesn't and will not offer a fixed BIOS.
BIOSes are one of the great tragic manure piles of modern PCs. The quicker they're replaced with much more open / accessible / easy to develop code bases the better off we'll be.
It is almost incomprehensible how bad manufacturers' quality control / customer support is when there's a BIOS that HAS to maybe do a FEW DOZEN essential functions on a fixed hardware platform and they don't even get THOSE FEW THINGS done right, e.g. setting proper voltages / fan speeds / sleep / ACPI / USB / booting /
This (like the legacy PC design we're still using after decades) is just stupid.
The BIOS is something like a whole TWO MEGABYTES. Maybe even FOUR MEGABYTES on some higher end systems with a built in backup. That's like FLOPPY DISC SIZED. WTF are we doing with hard soldered non user replaceable BIOS chips and FLAKY / PAINFUL reflashing systems that FAIL a large percentage of the time and could very well BRICK your PC permanently when the BIOS flash or image does get corrupted?
News flash, Intel, put a freaking *MICRO SD / SD CARD* slot on the motherboard, build the chipset to read that data upon boot, and require something like a 512 MEGABYTE SD card for system BIOS / BIOS backups / whatever system log data you want to keep / low security encryption keys or so on. That'd cost like $1 to implement, it'd be using a STANDARD and CHEAP storage medium that is at a minimum 256 times larger than the current solution, and is TRIVIAL to user replace (socketed, ubiquitous media / readers / writers), and even has a HARDWARE WRITE PROTECT switch available right in the socket. Benefits: cheapish, easy to field replace / upgrade, can store darn near unlimited numbers of backups / alternate versions that are easy to switch between, and even has enough storage capacity to store (if you want to) something like a WHOLE EMBEDDED OS on the "BIOS" SD card sort of like the SplashTop or whatever "instant on" type of utility / maintenance / application environments.
Heck if you're feeling generous put TWO micro SD sockets on the board, one which can be switched by the user to be "read only" for BIOS versions and other "semi permanent" data / embedded OS images / whatever. Make the other "read write" for log data and so on.
If you're feeling even more generous add a USB port for a USB flash drive + integrated TPM type chip so that you can actually [user optionally] portably take your system's encryption / authentication / key type data around with you so that it isn't [necessarily] left at an unattended PC, and so that you can choose instead to use it on a laptop or whatever you need to do to get access to your configurations / stuff.
If you want physical security for this stuff, put it inside the PC case instead of on an external port and physically security lock the case.
Even freaking better, let me boot (bios AND 'OS' code) from my choice of USB drive / SSD / flash card. Boot straight into a bare metal h
On some newer hardware, the hardware includes a component called the Trusted Platform Module (TPM.)
The idea behind this is that it requires cryptographic authentication of the BIOS, which surely would fail after this attack.
The end goal of the TPM is to verify each layer of software: BIOS, operating system, programs.
For reference:
http://en.wikipedia.org/wiki/Trusted_Computing
Of course all the open source weenies here will probably want to run their open source software on open hardware that can be infected. Their choice ;)
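The comment above describes the TPM verifying each layer in turn, and an earlier comment proposed a backup copy that validates the working BIOS before loading it. The script below is an added example (not part of the thread, and not anyone's product code) that simulates the mechanism both rely on: measured boot, where each stage's digest is folded into a Platform Configuration Register as PCR = SHA-256(PCR_old || SHA-256(stage)), and a verifier compares the final PCR against a known-good value. The three "stage images" are constructed byte strings standing in for BIOS, boot loader and kernel. It also shows the property that makes this useful for the attack under discussion: a patched firmware stage changes the final PCR even though every later stage is unchanged, and the event log pinpoints which stage differs.

```python
"""Measured-boot / PCR-extend simulation (added example, constructed data)."""
import hashlib
import hmac

# Constructed stand-ins for the boot chain; not real firmware or kernels.
CLEAN_CHAIN = [
    ("BIOS", b"constructed vendor BIOS image v1.0"),
    ("bootloader", b"constructed boot loader image"),
    ("kernel", b"constructed OS kernel image"),
]
# Same chain, but the firmware stage carries an extra patch.
INFECTED_CHAIN = [("BIOS", b"constructed vendor BIOS image v1.0 + patch")] + CLEAN_CHAIN[1:]

PCR_SIZE = 32  # SHA-256 PCR bank


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: the register can only be folded forward, never set,
    so the final value depends on every measurement and their order."""
    return sha256(pcr + digest)


def measured_boot(chain):
    """Measure each stage before handing control to it.
    Returns (final_pcr, event_log); the log lists (stage, digest_hex)."""
    pcr = bytes(PCR_SIZE)          # PCRs are zero at platform reset
    log = []
    for name, image in chain:
        digest = sha256(image)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def attest(reported_pcr: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: does the reported PCR equal the known-good value?"""
    return hmac.compare_digest(reported_pcr, golden_pcr)


def replay_log(log) -> bytes:
    """Recompute the PCR from an event log; if it does not match the PCR the
    TPM reports, the log itself was altered."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def first_mismatch(log, golden_log):
    """Name of the first stage whose digest differs from the golden log, or
    None when every entry matches."""
    for (name, digest), (_gname, gdigest) in zip(log, golden_log):
        if digest != gdigest:
            return name
    return None


if __name__ == "__main__":
    clean_pcr, clean_log = measured_boot(CLEAN_CHAIN)
    bad_pcr, bad_log = measured_boot(INFECTED_CHAIN)
    print("clean attests:", attest(clean_pcr, clean_pcr))
    print("infected attests:", attest(bad_pcr, clean_pcr))
    print("first differing stage:", first_mismatch(bad_log, clean_log))
```

The simulation assumes the code that takes the very first measurement (the core root of trust for measurement) is outside what the attacker can rewrite; if that code lives in the same flash region the attack patches, the measurement can be forged, which is why the boards the comment has in mind keep that first stage immutable.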
I've posted my recollection of the presentation which fills in a few of the technical details for some people who missed it - probably missed lots too :)
http://blog.triplecheck.ca/2009/03/few-more-details-regarding-peristent.html
Now I don't have to state the obvious.
However, full disclosure has me admit that I too did use punched cards. However, I "cheated" and used my privileged access to interactive terminals to compile and debug my code BEFORE I sent it to a card punch for output (since the punched deck of cards was the class requirement. In retrospect, I doubt they spent the money to run the assignments, so it probably didn't matter if they were correct or not. This was back in the day when each print job finished with a "billing" page showing you the not-so-cheap cost to print things).
I pity the poor souls who had to use the public card-punch terminals... it was literally the very last year punched cards were required. heh.
This issue is a bit more complicated than you think.
Here's something it WON'T survive... me simply pitching the f@cking computer out the window and going back to working on my old classic cars. Screw it. It's simply just not worth the hassle or the time any more.
My peace of mind does not depend on
Some folks felt safe surfing the dark side if they did it inside a virtual machine. They thought "hey, if I get something nasty on my machine, I'll just restore my virtual machine from the checkpoint and voilà, everything's ok again and I can resume working without a heavy re-install penalty." But if these crazed Argentinians can infect your machine from an ActiveX control while you're surfing in a virtual machine and you have to reflash your BIOS to cure the infection, if you can cure it at all, then man, we're all hosed. Bad.
That's not preventing me from cleaning the BIOS by reflashing it. That's infecting the bios from the hard drive to continue an infection.
If you wipe the hard drive, the malware returns through the BIOS. If you flash the BIOS, the malware is rewritten from the hard drive at boot. That's probably why they're working on a rootkit to hide the hard drive half. Make it a lot harder to eradicate.
However, my standard procedure is to pull a hard drive out of the infected computer first and scan it as a slave. That disables the vast majority of malware protections. If this exploit showed up in the wild, then after detecting it, I would also have to reflash the BIOS (not just wipe user settings with the jumper) before putting the hard drive back into the computer and finishing the cleanup. One more thing to do, but nobody said malware cleanup was supposed to be easy.
One other question I have is what type of machine this thing is infecting? They name three operating systems, but don't mention whether it was different motherboards/BIOSes. If the bad guys have to write hardware-specific code bits for every different manufacturer (and every new BIOS), they're the ones who will be working harder.
Fundamentalism is a crime against humanity
This is a bit off topic, but wouldn't it also be possible to flash one's disk drive or HDD from windows as well, creating even more hardware failure/damage?