I don't know much about rootkits, their code and the size needed, but I know how to mod some of the BIOSes. Generally it's possible to flash code containing new modules onto the BIOS chip via software (e.g. winflasher does). It could happen without the user noticing. It does not have to be a new modified ACPI module, so it depends only on the manufacturer of the BIOS (mainly AMI and AWARD). This means the differences between BIOSes (almost) don't matter, because there is no need to modify a module, just to add one. (Like the ISA.BIN method of Gkend.) BUT: The code will AND MUST always be loaded into RAM on bootup to be executed. And: The code that flashes the BIOS is detectable, too. Any detector such as Antivir is able to scan RAM. If the sequence of the malicious code is known, it will be detected. The only problem is that removing it from the EEPROM is a bit complex (for inexperienced users). Antivir: "Your PC is infected with blahhkit. Could not remove malicious code. It is stored on EEPROM, please reflash." There is no reason to care, just a good story for the writers of headlines. Any comments? Yen
P.S. I'll put TWO HUNDRED DOLLARS in an escrow account if you can show me a p5wdh deluxe BIOS that HAS a virus in it (an actual BIOS virus, not just bogus code in the ROM file so that a virus detector says it is infected), that GETS FLASHED NORMALLY with EZ-BIOS and doesn't corrupt my system, that Antivir catches. You know what, if you can do it by tomorrow, I'll make it four hundred dollars... that's how confident I am that what you're saying is BS.
Hi Yen, The file you uploaded to Rapidshare is gone. Any chance to upload again somewhere else? Thanks! daxanadu
Hi Guys, Before I start a flame war, it was never my intention to imply that these BIOS mods contain a virus. Apologies if I have given that impression. For a start, the tools are available to see what mods were done. My original question was simply to ask if it is *possible* for a root kit to be carried in the BIOS. A root kit is not a virus; it is quite different. And a root kit running from BIOS will not be detectable by any of today's means, since it is in RAM first and therefore has a chance to hide before any scanners are loaded. My presumption for this is that the BIOS can carry executable code, and if this is the right code it can subvert the running OS. This is certainly the thinking behind some, and claims of such a rootkit prototype already existing seem to back that up. Cheers.
@gz1 No problem, I know that, and I answered your question to the best of my knowledge. Shaba230 seems to be a person who has got a problem with people who spent time to make others happy and even charge nothing for it. To mistrust seems to be an American (U.S.A.) attribute. Yen
Hey, easy now on the American thing. Not everybody here is as paranoid as that guy... Just do a Google search for his handle and read some of his threads on other forums... Looks to me like he tries to get folks to be afraid of using the different Vista hacks out there. And if he's got so much cash hanging around that he can drop 400 on a proof-of-code type thing, why not just friggin buy Vista and not have to worry about it?
What I think: he must be trying to spread the paranoia disorder virus. Sign: An unmistakable sign of paranoia is continual mistrust. People with paranoid personality disorder are constantly on their guard because they see the world as a threatening place. They tend to confirm their expectations by latching on to any speck of evidence that supports their suspicions and ignore or misinterpret any evidence to the contrary. They are ever watchful and may look around for signs of a threat.