Quote: Originally posted by leofelix
Thank you

Once Award BIOS had an antivirus inside (Trend Micro PC Cillin).
Some motherboards have a backup BIOS.
In regards to previous malware targeting BIOS, you may like to read here.
Thanks for the heads-up Leofelix.

The malware at this moment is only targeting Chinese users as the article mentions.

The infection is clearly focused on Chinese users, because the dropper is carefully checking if the system it’s going to infect is protected by Chinese security software Rising Antivirus and Jiangmin KV Antivirus. To gain access to the BIOS, the infection first needs to get loaded in kernel mode so that it can handle with physical memory instead of virtual memory.
The usage of such a dangerous malware seems shady at the moment as it is only targeting a particular group of users. Some kind of beta test the coder is running before unleashing the malware to all?

Quote: Originally posted by Raymond
If the Mebromi rootkit is stable, then the coder must be really good at it.
The fact is it's not easy, and very rarely do people know how to code a BIOS rootkit.
The coder or coders must have spent a hefty amount of time and energy in developing this malware.

The concept behind Mebromi is not new. In fact we must recall the IceLord BIOS rootkit published in 2007, a public proof of concept able to target Award BIOS rom, using an approach very similar to the Mebromi one – or should we say that Mebromi is more than just inspired by the IceLord rootkit?