
Researchers find UEFI rootkit that is actively being abused


Kenrou

Member
Joined
Aug 14, 2014
How is it possible to plant a virus in the BIOS?



Yes, the BIOS is software. If it is writeable/flashable, it is possible for the BIOS to be overwritten or modified such that it performs malicious actions. The BIOS boots before the operating system and bootloader, so it is entirely possible for BIOS malware to impact and infect on each boot or on fresh installs.

This is not a windows specific problem. The BIOS provides the lowest level hardware interaction/abstraction and the OS will depend upon this code, so it may be possible to write generic or OS specific malware.

It's nothing new. Been happening for years. Very rare though.
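The "if it is writeable/flashable" condition in the reply above is something you can actually check. As an added example, not code from anyone in this thread, here is a small Python decoder for the Intel PCH registers that gate writes to the BIOS region of SPI flash: BIOS_CNTL (BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5) and the SPI Protected Range registers PR0..PR4 (WPE bit 31, limit bits 28:16, RPE bit 15, base bits 12:0). The register values it runs over are constructed for illustration; the "protected/weak/unprotected" policy is this example's own conservative reading, and on a real machine you would read the registers with a tool such as chipsec rather than invent them.

```python
# Added example, not code from the thread: decode the Intel PCH registers
# that decide whether the BIOS/UEFI region in SPI flash can be rewritten
# from the running OS. Bit layouts follow the public PCH datasheets; every
# register VALUE below is constructed for illustration, not read from
# real hardware.

BIOSWE = 1 << 0   # BIOS Write Enable: flash writes allowed while set
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes honoured only from SMM


def decode_bios_cntl(value):
    """Return the three write-protection bits of BIOS_CNTL as booleans."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def bios_cntl_status(value):
    """Classify BIOS_CNTL conservatively (the policy is this example's own)."""
    f = decode_bios_cntl(value)
    locked = f["BLE"] and not f["BIOSWE"]
    if locked and f["SMM_BWP"]:
        return "protected"      # lock plus SMM-only writes
    if locked or f["SMM_BWP"]:
        # BLE without SMM_BWP can be raced from a second core (set BIOSWE
        # and write before the SMI handler clears it again); SMM_BWP
        # without BLE still leaves the lock itself unlocked.
        return "weak"
    return "unprotected"        # ring-0 code can flash the BIOS region


def decode_pr(value):
    """Decode one SPI Protected Range register into an inclusive byte range."""
    return {
        "wpe": bool((value >> 31) & 1),
        "rpe": bool((value >> 15) & 1),
        "base": (value & 0x1FFF) << 12,                     # 4 KiB granularity
        "limit": (((value >> 16) & 0x1FFF) << 12) | 0xFFF,  # inclusive end
    }


def range_write_protected(pr_values, start, end):
    """True if every byte of [start, end] lies inside a write-protected PRx."""
    ranges = sorted((d["base"], d["limit"])
                    for d in map(decode_pr, pr_values) if d["wpe"])
    cursor = start
    for base, limit in ranges:
        if base > cursor:
            break                # uncovered gap before this range
        if limit >= cursor:
            cursor = limit + 1   # extend contiguous coverage
        if cursor > end:
            return True
    return cursor > end


def assess(bios_cntl, pr_values, bios_start, bios_end):
    """Verdict: a full BIOS_CNTL lock, or a protected range over the BIOS region.

    Assumes FLOCKDN is set so the PRx registers themselves cannot be cleared.
    """
    if bios_cntl_status(bios_cntl) == "protected":
        return "protected"
    if range_write_protected(pr_values, bios_start, bios_end):
        return "protected"
    return bios_cntl_status(bios_cntl)


# Constructed sample: BIOS region at 0x800000-0xFFFFFF of a 16 MiB flash,
# BIOS_CNTL with only BLE set, PR0 write-protecting the whole BIOS region.
SAMPLE_BIOS_CNTL = 0x02
SAMPLE_PRS = [0x8FFF0800, 0, 0, 0, 0]
SAMPLE_BIOS_REGION = (0x800000, 0xFFFFFF)

if __name__ == "__main__":
    print("BIOS_CNTL:", decode_bios_cntl(SAMPLE_BIOS_CNTL),
          bios_cntl_status(SAMPLE_BIOS_CNTL))
    print("PR0:", decode_pr(SAMPLE_PRS[0]))
    print("verdict:", assess(SAMPLE_BIOS_CNTL, SAMPLE_PRS, *SAMPLE_BIOS_REGION))
```

The two mechanisms are independent: BIOS_CNTL locks the whole flash against non-SMM writes, while the PRx registers fence off address ranges regardless of who is writing. A board that ships with BIOSWE clear but no BLE, no SMM_BWP and no protected ranges is exactly the "writeable/flashable" case the reply describes.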
 
Thank you. I always considered the BIOS to be "calculator"-type software in its complexity, so limited in its ability to do anything other than manage PC components.
 
I can see that you could access the BIOS via the OS; our overclocking software does so, and some motherboard software can update the BIOS from the OS.
I would think that the software would be OS-specific; our overclocking software is.
 
Anything BIOS is not OS-specific.
The BIOS doesn't care if you run any version of Windows, Linux, or OS X.
 
Don't worry, either MS, Google, or Apple will certainly make sure that there are no data leaks of any kind.
Extremely trivial to secure a piece of hardware, regardless of its instruction set(s). But that of course is not their intent.
 
MR. Scott, I agree with you on that point, but they would have to start the attack from within the OS, wouldn't they?
 

Generally the BIOS has access to the interwebz at startup through the LAN, but would think you're right. Seems the easiest way to infect remote machines. People will do some strange things with their inboxes.
 
MR. Scott, I agree with you on that point, but they would have to start the attack from within the OS, wouldn't they?
I suppose they would, yes. Only the injection would be OS specific though. The actual virus would be generic code.
 

How many Windows versions use similar/the same boot .inis? Would that make it easier to make it a broad-spectrum infection? Say, W7/W8/W10 have similar boot folders; would they be able to just write one injector?
 

Probably.
 
Grrrrreat.
Now I have something else to worry about while I try to figure out why my rig $*** the bed. Either mobo or RAM. Or rootkit. LOL
 
Normally that would ring true. However, with mining as it is now, that is money to some, so I wouldn't put it past anybody to bot miners.
 
I had a miner bot once. Got it from a normally safe webpage. MSE found it, but I was surprised, as I don't download anything unless I have high confidence in the site. It can happen, even to those of us who wear a tux to the vasectomy. "If I'm gonna be impotent, I'm gonna look impotent!"
 