January 27

Rootkits to target BIOS soon?

A presentation at the recent Black Hat Federal Briefings proposed that rootkits may soon attack the BIOS of a compromised system via the ACPI subsystem, whose purpose is to provide some hardware control for power savings. This would give them multiple advantages over the current approach to a rootkit.

First, since the BIOS loads before the system actually boots from the hard drive, it has the potential of infecting multiple operating systems on the same hardware.

Next, a well-written rootkit that has been installed, undetected, in your BIOS has an extremely high likelihood of remaining effective, and indeed of most likely recompromising your system after a complete format and reinstallation of your operating system.

Finally, a good implementation is likely to be very difficult to detect initially, if the attacker is diligent about covering their tracks.

A PDF of the slides from the presentation at Black Hat can be found here: http://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
The PDF includes a starting point for people wishing to mitigate this particular type of potential attack vector. Recommendations include “write protecting” the flash memory of your BIOS, if your motherboard supports it; and disabling ACPI support, both in the BIOS and operating system.

Thanks to SecurityFocus and Slashdot for the story.

