Mebromi: Here comes the first BIOS rootkit
Mebromi is the first BIOS rootkit in the wild. Here is the complete article.
The malware is called Mebromi and contains a bit of everything: a BIOS rootkit specifically targeting Award BIOS, an MBR rootkit, a kernel mode rootkit, a PE file infector and a Trojan downloader. At this time, Mebromi is not designed to infect 64-bit operating systems and it is not able to infect the system if run with limited privileges.
How do we protect our computer systems now?
-
Experienced User

Originally Posted by
linked
How do we protect our computer systems now?

As said in the article, the virus cannot infect our system with limited privileges. So either use a limited/standard user account or don't hastily allow all UAC prompts.
-
*nix Technical Support

Originally Posted by
sm1
As said in the article, the virus cannot infect our system with limited privileges. So either use a limited/standard user account or don't hastily allow all UAC prompts.

Indeed.
Also, weren't there other BIOS rootkits before? Or were they just MBR and my mind's playing tricks on me?
pacman -Syyu life not found in sync db
-

Originally Posted by
sm1
As said in the article, the virus cannot infect our system with limited privileges. So either use a limited/standard user account or don't hastily allow all UAC prompts.

Indeed, I guess that's the only way left to be protected. 
---------- Post added at 03:33 AM ---------- Previous post was at 03:27 AM ----------

Originally Posted by
hellnoire
Indeed.
Also, weren't there other BIOS rootkits before? Or were they just MBR and my mind's playing tricks on me?
Dunno if I have heard about any BIOS rootkits before. But the article mentions a proof of concept, "IceLord".
This turned out to be a very interesting discovery as it appears to be the first real malware targeting system BIOS since a well-known proof of concept called IceLord in 2007.
The article does mention the CIH/Chernobyl infection, the infamous virus discovered in 1998 that was able to flash the motherboard BIOS, erasing it.
-
*nix Technical Support

Originally Posted by
linked
Dunno if I have heard about any BIOS rootkits before. But the article mentions a proof of concept, "IceLord".
The article does mention the CIH/Chernobyl infection, the infamous virus discovered in 1998 that was able to flash the motherboard BIOS, erasing it.

I remember reading about Chernobyl/CIH when I was first playing SiN 1, seeing as one of the mirrors of the demo had a virus on it and no one knew of it. I was lucky enough not to get it then. And that might have been what I was thinking, a proof of concept one.
-
I'd rather be fishing!
Thanks for the heads up, linked. I wasn't aware of the existence of Mebromi and now I will stay alert for it.
Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!
-
Administrator
If the Mebromi rootkit is stable, then the coder must be really good at it.
The fact is it's not easy, and people very rarely know how to code a BIOS rootkit.
-
Verified Member
I hope KIS has something in its arsenal to fight this Mebromi... I have only 16 days left before I buy a new subscription / win one here.
-
Moderator
Thank you
a BIOS rootkit specifically targeting Award BIOS
Once, Award BIOS had an antivirus inside (Trend Micro PC Cillin).
Some motherboards have a backup BIOS.
In regards to previous malware targeting BIOS, you may like to read here
Errare humanum est, perseverare autem diabolicum
-
I'd rather be fishing!
Thanks for the additional information Leo.