Threat Center Security News Durable rootkits for BIOS key to surviving attacks
Durable rootkits for BIOS key to surviving attacks Print E-mail
Written by Rebecca Mints   
Sunday, 22 March 2009 23:48
The basic input/output system or BIOS which makes up a computer’s low-level operating instructions can be used to create rootkits that will shield the system from various attacks.

This was revealed by security researchers during the CanSecWest security conference on Thursday as they demonstrated a new way of overwriting BIOS to create a durable rootkit which prevents an attack to wipe out hard-disk data.

Anibal Sacco and Alfredo Ortega of Core Security Technologies injected a code into a virtual machine on Windows operating system and replaced critical files in OpenBSD in another virtual machine during a demonstration at the well-attended conference.

Sacco and Ortega explained that because the chip used for BIOS found on the motherboard runs software on a computer at start-up, any executable it finds in the instructions will run everytime the system starts.  Any attacker attempting to insert malicious code into the BIOS would not be able to easily delete the rootkit.

“You can remove the hard drive, trash it, and even reinstall the operating system. This will reinstall the rootkit,” said Sacco.

The researchers claim that such a rootkit will survive a malicious code strong enough to wipe out the hard disk.

BIOS has been well-studied by many security experts who believe that the low-level operating instructions can be used to maintain the system’s integrity and provide a strong security preventive measure.


WTW Threat Level