Mebromi: Here comes the first BIOS rootkit

Discussion in 'Security and Viruses' started by linked, Sep 15, 2011.

  1. linked
    linked New Member
    Mebromi is the first BIOS rootkit in the wild. Here is the complete article.

    How do we protect our computer systems now? :eek:
  3. sm1
    sm1 Notable Member
    As said in the article, the virus cannot infect our system with limited privileges. So either use a limited/standard user account or don't hastily allow all UAC prompts :)
  4. hellnoire
    hellnoire *nix Technical Support
    Indeed.

    Also, weren't there other BIOS rootkits before? Or were they just MBR and my mind's playing tricks on me?
  5. linked
    linked New Member
    Indeed, I guess that's the only way left to be protected. :)

    ---------- Post added at 03:33 AM ---------- Previous post was at 03:27 AM ----------

    Dunno if I have heard about any BIOS rootkits before. But the article mentions a proof of concept, "IceLord". :unsure00:

    The article does mention the CIH/Chernobyl infection, the infamous virus discovered in 1998 that was able to flash the motherboard BIOS, erasing it. :shocking:
  6. hellnoire
    hellnoire *nix Technical Support
    I remember reading about Chernobyl/CIH when I was first playing SiN 1, seeing as one of the mirrors of the demo had a virus on it and no one knew of it. I was lucky enough not to get it then. And that might have been what I was thinking, a proof of concept one.
  7. Bearcat
    Bearcat Prominent Member
    Thanks for the heads up, linked. I wasn't aware of the existence of Mebromi and now I will stay alert for it. :mad:
  8. Raymond
    Raymond Administrator Staff Member
    If the Mebromi rootkit is stable, then the coder must be really good at it.
    The fact is it's not easy, and very rarely do people know how to code a BIOS rootkit.
  9. tejaswi
    tejaswi Member
    I hope KIS has something in its arsenal to fight this Mebromi.... I have only 16 days left before I buy a new subscription / win one here :D
  10. leofelix
    leofelix Distinguished Member
    Thank you.
    Award BIOS once had an antivirus inside (Trend Micro PC Cillin).
    Some motherboards have a backup BIOS.
    In regards to previous malware targeting BIOS, you may like to read here
  11. Bearcat
    Bearcat Prominent Member
    Thanks for the additional information Leo.