Security Basics mailing list archives
Re: Any solution for a virus in the BIOS?
From: "Michael R. Martinez" <mike () security-bounce com>
Date: Tue, 4 Dec 2007 15:34:01 +0000
Yes, all good points. Good luck with boot virus, perhaps in the future having some kind of virus protection will improve your overall security and prevent future infection.

Michael R. Martinez
TF: 800-987-7307

-----Original Message-----
From: PCSC Information Services <info () pcsage biz>
Date: Mon, 3 Dec 2007 23:00:19
To: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Cc: security-basics () securityfocus com
Subject: Re: Any solution for a virus in the BIOS?

On 3-Dec-07, at 4:02 PM, Ansgar -59cobalt- Wiechers wrote:
> On 2007-12-03 Michael R. Martinez wrote:
>> On Mon, 3 Dec 2007 19:40:00 Ansgar -59cobalt- Wiechers wrote:
>>> On 2007-12-02 admin () lh com wrote:
>>>> Get an av that has boot sector protection. Once you've run a scan
>>>> with that, it will clear things out.
>>>
>>> Please explain how boot sector protection is supposed to help against
>>> malware living in the BIOS. You do realize that it's the BIOS that
>>> executes the boot code, don't you?
>>>
>>> Assuming the BIOS actually is infected (which isn't too clear after
>>> the OP's rather vague description) the appropriate way would be to
>>> replace the BIOS chip or flash a clean BIOS onto it using a dedicated
>>> device (*not* a PC that is booted with the potentially infected BIOS).
>>> Also examine the supposedly infected harddisk from a clean system,
>>> either by booting some live-CD after cleaning the BIOS or by attaching
>>> the disk to another system (as secondary/external disk).
>>
>> Boot into a disk that scans for virus at boot! Hiren EBCD Etc...
>
> And then what? In case you didn't notice: the BIOS starts the OS on that
> disk too, meaning that malware in said BIOS can also manipulate that OS
> and thus any software it may run, meaning that despite booting from a
> clean media you still have a (potentially) compromised system.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available."
> --Jason Coombs on Bugtraq

Booting from a LiveCD with a current AV and defs might alleviate some of this concern. LiveCDs won't be written to during the boot process and shouldn't be exposed to this problem.

Flashing the BIOS seems to me to be the most appropriate fix in this case. From your post it seems to me that your inability to reflash the BIOS may stem from a jumper or dipswitch setting on the motherboard that would prevent writing. Check for this before attempting to reflash.

Further to this, remove the drive in question from this system and use a HDD enclosure to mount the drive USB / Firewire to allow you to scan the drive from a 'known-good' machine.

Best,
Sean Swayze