Hi, all Just read the article "BIOS Threat is Showing up Again!", and wonder whether a modded BIOS infected with a virus or rootkit is a real possibility. If the threat is genuine, will a procedure like the avast boot scan detect such a virus? Your input, please!
I found and read through two relevant MDL threads entitled "Bios Virus' -- How do you know what you're installing?" and "Could this be used as a rootkit vector?". Suppose an SLIC-modded BIOS is flashed and then Windows 7 is activated. What would happen to the Windows activation status if the previous, unmodded BIOS (without SLIC) is re-flashed back? Can someone familiar with the subject kindly provide a few pointers? Thanks in advance for any feedback.
ASUS has UPX-packed DLLs in BIOS image, that are unpacked and used by software utilities like Ai Suite and ASUS Update. There is no pretection from BIOS flashing on manz boards, and SPI chip has like 2 Mb free space nowadays, so infection is definitely possible, but I haven't seen any related reports and with SecureBoot enabled it's very hard to impossible to flash BIOS from OS, so I don't think there is a big threat.
Thanks for your feedback, CodeRush. I found an online discussion headed "Meet 'Rakshasa,' The Malware Infection Designed To Be Undetectable And Incurable". Excerpt: This is not theory, it is already happening, and has been for a couple of years, with the advent of windows seven and the culture of wanting operating systems for free, people were willing to visit a site and download a revised slic table and bios update that made your pc appear as though it had come from any one of the OEM builders. The installation of the slic table then allowed you to introduce a crack for windows seven, that made it look as though the copy was a pre installed OEM version. The crack was encrypted and contained within it was a bootkit that was bios resident, i was unfortunate to buy a second hand machine that contained this virus, as far as i know it is still on the bios, after multiple attempts to clean it by installing a new bios and overwriting the virus, it will not allow it to happen. A copy of the virus i have also found in the host protected area of any of the disks i have used on this motherboard. Even after a complete format, removing the ram and letting it charge dissipate, removing the bios battery, replace, reformat the drive, and begin again with a clean install, it still survives. If anyone wants a copy of this for research purposes u2u me, ill give you the link where it is resident as a 3mb program, don't go and get it out of curiosity, only get it if you are serious about researching it.
Hi, all Thanks everyone for your helpful contributions and input. Please allow me to take a step back. Suppose the BIOS is indeed infected, but the intention isn't to cause damage to the mobo or the computer itself. What is the worst case scenario? The virus or trojan will be stealth. Perhaps network traffic can be monitored. What more can it do? For instance, can a keylogger be run stealthily, trying to steal and transmit passwords, and, if so, will this not be detected by a decent anti-virus program in real-time? Your feedback, please!