Oh joy the BIOS level trojan is finally here

Subject: General Tech | September 13, 2011 - 01:00 PM |
Tagged: security, fud, bios, trojan, bmw

You do not want BMW; it is a Trojan that uses your master boot record and your BIOS to ensure that it remains on your system so even after a format and reinstall of Windows it will still be infecting you.  It originally infects winlogon.exe on Windows XP and Server 2003, and to wininit.exe on Windows 7 and Vista but once it is on it installs and uses HOOK.ROM at the BIOS level to check to see if it has been uninstalled and if so it will reinstall itself.  The Register points out that in this case the enormous variety of BIOS setups is a good thing as it ensures that any BIOS level virus will always be limited in scope even if it is a vulnerability shared by a single BIOS type.

View Full Size

"SECURITY RESEARCHERS at Chinese antivirus firm 360 have identified a piece of malware that installs rogue code into the BIOS of targeted computers.

Dubbed BMW by 360 and Mebromi by other security vendors, the threat has separate components for the operating system, the master boot record (MBR) and the system BIOS."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer
September 23, 2011 | 11:26 AM - Posted by Mechromancer (not verified)

Does this virus effect EFI BIOSes? Also I figure an easy way to get rid of it is to overwrite your BIOS. I assume the problem will be detection.

September 26, 2011 | 06:06 PM - Posted by Jeremy Hellstrom

This is aimed at a specific Award BIOS, at least for the BIOS infection portion, so for now the UEFI style BIOSes are safe

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.