January 27


Rootkits to target BIOS soon?

A presentation at the recent Black Hat Federal Briefings proposes that rootkits may soon attack the BIOS of a compromised system via the ACPI subsystem, whose purpose is to provide some hardware control for power savings. Doing so would give a rootkit multiple advantages over the current approach.

First, since the BIOS loads before the system actually boots from the hard drive, it has the potential of infecting multiple operating systems on the same hardware.

Next, a well-written rootkit that has been installed, undetected, in your BIOS has an extremely high likelihood of remaining effective, and will most likely recompromise your system even after a complete format and reinstallation of your operating system.

Finally, a good implementation is likely to be very difficult to detect initially, if the attacker is diligent about covering their tracks.

A PDF of the slides from the Black Hat presentation can be found here: http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
The PDF includes a starting point for people wishing to mitigate this potential attack vector. Recommendations include “write protecting” the flash memory of your BIOS, if your motherboard supports it, and disabling ACPI support in both the BIOS and the operating system.

Thanks to SecurityFocus and Slashdot for the story.

